Changelog Master Feed

Shift left, seriously. (Changelog Interviews #575)

Jan 26, 2024

Justin Garrison, Deepak Prabhakara, Schalk Neethling, and a fellow Changelog Slack member discuss shifting left in security, the role of developers, the importance of tooling, authentication vs authorization, and the constant need for security. They explore the concept of shifting left in software development and security, the implications for security compliance and accessibility, trade-offs in security, continuous improvement in security, automation and documentation, proprietary vs open-source solutions for security, and the importance of prioritizing security in development.

01:28:17

Creator website

Episode guests

Schalk Neethling

Justin Garrison

fellow Changelog Slack member

Deepak Prabhakara

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Shifting left in security means incorporating security practices into the development process from the beginning, rather than as an afterthought.

The appropriate level of security depends on the context of the application or system being developed, considering factors such as regulatory compliance and data sensitivity.

Collaboration among developers, compliance managers, and security specialists is essential for effective security implementation and testing.

Deep dives

Shift Left and the Concept of Security as Code

Shift left and security as code are concepts that emphasize the importance of incorporating security practices and considerations early in the development process. By shifting left, developers are encouraged to think about security as they write code, rather than treating it as an afterthought. This mindset allows for better identification and mitigation of security vulnerabilities and risks. Additionally, security as code involves automating security processes and policies, making them more manageable and scalable. This approach enables developers to leverage tooling and automation to ensure that security measures are consistent and reliable throughout the development lifecycle.

Introduction

4min

Understanding the Concept of Shifting Left in Software Development and Security

3min

Shifting Left in Security Compliance and Accessibility

21min

Exploring Maximum Security, Trade-offs, and Evolving Systems

3min

Shift Left and Continuous Improvement in Security

11min

Automation and Documentation

12min

Shifting Left and Reclaiming Control: A Perspective on Security and Development

4min

Choosing Between Proprietary and Open-Source Solutions for Security

26min

Shift Left and the Importance of Security in Development

4min

This week we’re going deep on security and what it takes to shift left, seriously. Adam is joined by Justin Garrison (co-host of Ship It), plus two members of the BoxyHQ team — Deepak Prabhakara, Co-founder & CEO and Schalk Neethling, Community Manager and DevRel as well as fellow Changelog Slack member.

We discuss how to shift left, the role of the developer and the burden of security, the importance of tooling, the difference between authentication and authorization, and a mindset change for when security takes place — it’s a matter of “when” not “who.”

Join the discussion

Changelog++ members get a bonus 10 minutes at the end of this episode and zero ads. Join today!

Sponsors:

Vercel – With zero configuration for over 35 frameworks, Vercel’s Frontend Cloud makes it easy for any team to deploy their apps. Today, you can get a 14-day free trial of Vercel Pro, or get a customized Enterprise demo from their team. Visit vercel.com/changelogpod to get started.
Synadia – Take NATS to the next level via a global, multi-cloud, multi-geo and extensible service, fully managed by Synadia. They take care of all the infrastructure, management, monitoring, and maintenance for you so you can focus on building exceptional distributed applications.
Read Write Own – Read, Write, Own: Building the Next Era of the Internet—a new book from entrepreneur and investor Chris Dixon—explores one possible solution to the internet’s authenticity problem: Blockchains. From AI that tracks its source material to generative programs that compensate—rather than cannibalize—creators. It’s a call to action for a more open, transparent, and democratic internet. One that opens the black box of AI, tracks the origins we see online, and much more. Order your copy of Read, Write, Own today at readwriteown.com
Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.

Featuring:

Deepak Prabhakara – Website, GitHub, LinkedIn, X
Schalk Neethling – Website, GitHub, LinkedIn, Mastodon
Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
Justin Garrison – GitHub, LinkedIn, X

Show Notes:

BoxyHQ.com
SAML Jackson - Enterprise SSO made simple
Enterprise SaaS Starter Kit
MVSP (Minimum Viable Secure Product
Minimum Viable Secure Product (MVSP) checklist

Something missing or broken? PRs welcome!

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Changelog Master Feed

Shift left, seriously. (Changelog Interviews #575)

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Shift Left and the Concept of Security as Code

The Importance of Context in Security

Security as a Collaborative Effort

Continuous Improvement and Adaptation

The Shift Left Approach to Security

The Tradeoff between Build and Buy

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Changelog Master Feed

Shift left, seriously. (Changelog Interviews #575)

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Shift Left and the Concept of Security as Code

The Importance of Context in Security

Security as a Collaborative Effort

Continuous Improvement and Adaptation

The Shift Left Approach to Security

The Tradeoff between Build and Buy

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights