David Mytton, CEO of ArcJet and founder of Console.dev, dives into the clash between fast-paced development and security needs. He critiques the common approach of just adding security tools, emphasizing that true success requires alignment between developers and security teams. David highlights the significance of intuitive developer-centric design and the right incentives to foster a secure culture. He also shares insights on how to market security tools effectively and empower developers to prioritize security without hindering innovation.
48:40
INSIGHT
DevSecOps Incentive Mismatch
DevSecOps, inspired by DevOps, aims to shift security responsibility left to developers.
However, mismatched incentives between building features (developers) and mitigating risk (security) hinder its success.
INSIGHT
Security as a Distraction
Developers prioritize building features, often viewing security as a distraction.
Security solutions should address developer problems, not just sell products.
ADVICE
Implementing Secure by Design
Secure by design is a good concept, but implementation is challenging.
Incentivize secure coding practices or mandate them through regulation and address liability.
If you're tired of hearing "shift left" in DevSecOps and seeing little real change, you're not alone.
In this episode, David Mytton (CEO of ArcJet, founder of Console.dev) breaks down why traditional approaches to developer security often fail. He reveals the core conflict between developers (who want to build fast) and security teams (who want to mitigate risk), and explains why this misalignment of incentives can be detrimental to your software. Learn why simply handing devs more security tools isn't enough.
David shares his insights from years of experience reviewing developer tools and building security products. He discusses the importance of developer-centric design, the power of the right incentives, and the need for security solutions that seamlessly integrate into the developer workflow. Plus, he reveals the secrets to successful developer marketing and why traditional approaches often backfire.
Tune in to discover how to foster a security-conscious culture within your engineering team, without stifling innovation or creating unnecessary friction. Learn how to empower developers to build secure software by design, and discover the tools and strategies that are shaping the future of DevSecOps.