Shift left, seriously. (Changelog Interviews #575)

Jan 26, 2024

Guest

Deepak Prabhakara

Guest

fellow Changelog Slack member

Justin Garrison, Deepak Prabhakara, Schalk Neethling, and a fellow Changelog Slack member discuss shifting left in security, the role of developers, the importance of tooling, authentication vs authorization, and the constant need for security. They explore the concept of shifting left in software development and security, the implications for security compliance and accessibility, trade-offs in security, continuous improvement in security, automation and documentation, proprietary vs open-source solutions for security, and the importance of prioritizing security in development.

Ask episode

Chapters

Transcript

Episode notes

Introduction

00:00 • 4min

Understanding the Concept of Shifting Left in Software Development and Security

04:27 • 3min

Shifting Left in Security Compliance and Accessibility

07:35 • 21min

Exploring Maximum Security, Trade-offs, and Evolving Systems

28:25 • 3min

Shift Left and Continuous Improvement in Security

31:53 • 11min

Automation and Documentation

42:26 • 12min

Shifting Left and Reclaiming Control: A Perspective on Security and Development

54:30 • 4min

Choosing Between Proprietary and Open-Source Solutions for Security

58:02 • 26min

Shift Left and the Importance of Security in Development

01:23:53 • 4min

This week we’re going deep on security and what it takes to shift left, seriously. Adam is joined by Justin Garrison (co-host of Ship It), plus two members of the BoxyHQ team — Deepak Prabhakara, Co-founder & CEO and Schalk Neethling, Community Manager and DevRel as well as fellow Changelog Slack member.

We discuss how to shift left, the role of the developer and the burden of security, the importance of tooling, the difference between authentication and authorization, and a mindset change for when security takes place — it’s a matter of “when” not “who.”

Join the discussion

Changelog++ members get a bonus 10 minutes at the end of this episode and zero ads. Join today!

Sponsors:

Vercel – With zero configuration for over 35 frameworks, Vercel’s Frontend Cloud makes it easy for any team to deploy their apps. Today, you can get a 14-day free trial of Vercel Pro, or get a customized Enterprise demo from their team. Visit vercel.com/changelogpod to get started.
Synadia – Take NATS to the next level via a global, multi-cloud, multi-geo and extensible service, fully managed by Synadia. They take care of all the infrastructure, management, monitoring, and maintenance for you so you can focus on building exceptional distributed applications.
Read Write Own – Read, Write, Own: Building the Next Era of the Internet—a new book from entrepreneur and investor Chris Dixon—explores one possible solution to the internet’s authenticity problem: Blockchains. From AI that tracks its source material to generative programs that compensate—rather than cannibalize—creators. It’s a call to action for a more open, transparent, and democratic internet. One that opens the black box of AI, tracks the origins we see online, and much more. Order your copy of Read, Write, Own today at readwriteown.com
Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.

Featuring:

Deepak Prabhakara – Website, GitHub, LinkedIn, X
Schalk Neethling – Website, GitHub, LinkedIn, Mastodon
Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
Justin Garrison – GitHub, LinkedIn, X

Show Notes:

BoxyHQ.com
SAML Jackson - Enterprise SSO made simple
Enterprise SaaS Starter Kit
MVSP (Minimum Viable Secure Product
Minimum Viable Secure Product (MVSP) checklist

Something missing or broken? PRs welcome!