AWS for Software Companies Podcast

Experienced CISOs from MongoDB and Gusto reveal proven frameworks for translating complex cybersecurity metrics into board-friendly presentations that drive decision-making.Topics Include:Security leaders discuss challenges of presenting technical cybersecurity topics to boardsMongoDB CISO presents three times in six months, Gusto director five timesThree-angle metrics framework: environmental threats, prevention quality, and detection/response speed capabilitiesBoard members switch contexts frequently, requiring extensive education and simplified heat mapsRepeatable presentation models help board members follow consistent data across meetingsAudit committees get different depth than general board updates on programsNew technologies like AI require educating boards on risks versus opportunitiesFoundational security principles like zero trust remain constant regardless of technologySecurity buzzwords need translation appendices since board members forget technical definitionsFinancial services background helps translate cyber risks into dollar amounts boards understandThird-party penetration testing provides independent validation but requires vendor rotation strategiesLimited 30-minute board time means trusting security leaders' vendor diligence decisionsFirst-time CISOs should educate on threat landscape then tailor strategy to companyBalance discussing shiny new technologies with essential foundational security blocking and tacklingAI implementation spans customer features, infrastructure security, and augmenting security capabilities internallyParticipants:Sean Josephson - Sr. Director of Information Security, GustoJulien Soriano – Sr. Vice President, CISO, MongoDBGee Rittenhouse - Vice President, Security Services, Amazon Web ServicesFurther Links:Gusto: Website – LinkedInMongoDB: Website – LinkedIn – AWS MarketplaceSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

John Skinner of Vectra AI shares how cyber attackers are democratizing sophisticated attacks using dark web tools, and why AI-powered hybrid defense is now essential for enterprise security.Topics Include:Vectra AI: 13-year-old cybersecurity company founded as "AI native" from day oneBuilt on machine learning assumption while competitors treated AI as afterthoughtGenerative AI represents the latest evolution in their comprehensive AI journeyStarted pairing threat researchers with ML developers to codify attack behaviorsAdded agentic AI in 2018 for correlation across space and timeUses AWS Security Lake, GuardDuty, and recently became AWS Bedrock customerSuccess measured by reducing "dwell time" from initial attack to detectionAchieved 60% faster alerts, 51% faster monitoring, 50% faster investigation timesCustomers should evaluate vendor's data science quality and algorithm training yearsEvolved hybrid defense approach as attacks start anywhere, go everywhereAI handles high-volume correlation while humans focus on analytical decisionsFuture challenge: democratized cyber attacks using readily available dark web toolsParticipants:John Skinner – Vice President Corporate/Business Development, Vectra AIFurther Links:Vectra AI: Website – LinkedIn – AWS Marketplace - YouTubeSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Vice President of Engineering James Musson reveals how Lucanet integrated multiple acquired solutions into a unified platform, achieving 3-month integration timelines while serving 6,000+ customers.Topics Include:Lucanet evolved from financial consolidation tool to comprehensive CFO solution platformPlatform covers consolidation, planning, ESG reporting, tax compliance, and cash managementThree key differentiators: easy to use, fast time-to-value, innovative AI featuresAI-powered XBRL tagging reduces days of manual work to minutes with 90% accuracyComplex challenge: integrating multiple acquired tech stacks with cloud-native platform developmentBuilt micro front-end architecture and platform services for seamless user experienceCustom control plane automates customer onboarding and manages rolling upgrades safelyLatest acquisition integrated into platform within three months, unprecedented speedStrong company culture focuses on innovation, hackathons, and continuous learningAI bootcamps and tech lunch sessions keep 6,000+ customer engineering teams engagedBalances AI innovation with regulatory compliance using deterministic core processesHeavy AWS adoption with serverless technologies handles peaky financial reporting workloadsParticipants:James Musson – Vice President, Engineering, LucanetFurther Links:Lucanet: Website – LinkedInSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Learn how Trellix transformed into a cloud-first security leader through strategic AWS partnership, generating $500M+ pipeline and winning major enterprise deals like Airbus.Topics Include:Trellix's transformation: From legacy McAfee/FireEye to cloud-first cybersecurity solutions with AWSPartnership lessons: How AWS enabled 27-year-old ePolicy Orchestrator's successful cloud migration journeyLegacy transition advice: Embrace innovation, don't follow the "Sears model" of resisting changeAI go-to-market strategy: Dev days, marketplace usage, and Bedrock/Nova integrations driving customer adoptionCustomer AI concerns: Addressing data security fears and proving AI doesn't train on customer dataIntegration philosophy: XDR connects with AWS native services and even competitor tools seamlessly$12M Airbus win: Six-country enterprise deal showcasing collaborative sales across AWS teams and marketplaceFuture opportunities: AI-powered threat detection innovations and $500M+ pipeline through AWS marketplaceParticipants:Taylor Mullins - Sr. Solutions Architect, TrellixBrian Shadpour - General Manager, Security B2B Software Sales, Amazon Web ServicesFurther Links:Trellix: Website – LinkedIn – AWS MarketplaceSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Security leaders from CyberArk, Fortra, and Sysdig share actionable strategies for securely implementing generative AI and reveal real-world insights on data protection and agent management.Topics Include:Panel explores practical security approaches for GenAI from prototype to productionThree-phase framework discussed: planning, pre-production, and production security considerationsSecurity must be built-in from start - data foundation is criticalUnderstanding data location, usage, transformation, and regulatory requirements is essentialFortra's security conglomerate approach integrates with AWS native tools and partnersMachine data initially easier for compliance - no PII or HIPAA concernsIdentity paradigm shift: agents can dynamically take human and non-human roles97% of organizations using AI tools lack identity and access policiesSecurity responsibility increases as you move up the customization stackOWASP Top 10 for GenAI addresses prompt injection and data poisoningRigorous model testing including adversarial attacks before deployment is crucialSysdig spent 6-9 months stress testing their agent before production releaseTension exists between moving fast and implementing proper security controlsDifferent security approaches needed based on data sensitivity and model usageZero-standing privilege and intent-based policies critical for agent managementMulti-agent systems create "Internet of Agents" with exponentially multiplying risksDiscovery challenge: finding where GenAI is running across enterprise environmentsAPI security and gateway protection becoming critical with acceptable latencyTop customer need: translating written AI policies into actionable controlsThreat modeling should focus on impact rather than just vulnerability severityParticipants:Prashant Tyagi - Go-To-Market Identity Security Technology Strategy Lead, CyberArkMike Reed – Field CISO, Cloud Security & AI, FortraZaher Hulays – Vice President Strategic Partnerships, SysdigMatthew Girdharry - WW Leader for Observability & Security Partnerships, Amazon Web ServicesFurther Links:CyberArk: Website – LinkedIn – AWS MarketplaceFortra: Website – LinkedIn – AWS MarketplaceSysdig: Website – LinkedIn – AWS MarketplaceSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Brian Mendenhall, Worldwide Head, Security & Identity Partner Specialists of Amazon Web Services, reveals the insider framework for transforming enterprise AI security, including the three-pillar approach and partnership strategies that leading companies use to navigate AI governance challenges.Topics Include:At AWS everything starts with security as core principleConsulting partners follow three-phase model: assess, remediate, then fully manage securityTraditional security framework covers threat detection, incident response, and data protectionAI compliance spans multiple governance bodies with stacking requirements and regulationsEU AI Act affects any company globally if Europeans access their applicationsThree pillars: security OF AI, AI FOR security, security FROM AI attacksAWS launches AI security competency program with specialized partner categories and certificationsEnterprise AI spans five risk levels from consumer apps to self-trained modelsLegal liability dramatically increases as you move toward custom AI implementationsSafety means preventing harm; security means preventing breaches - both critical distinctionsCurrent AI hallucination rates hit 65-75% across major platforms like PalantirShared responsibility model determines who's liable when AI security tools failIndustry evolution progresses from machine learning to generative AI to autonomous agentsMajor prototype-to-production gap caused by governance, security, and scalability challengesSuccessful AWS partnerships require clear use cases, differentiation, and targeted go-to-market strategyParticipants:Brian Mendenhall - WW Head, Security & Identity Partner Specialists, Amazon Web ServicesSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Caitlin Anderson, Intel's Americas Sales GM shares which industries are leading AI adoption, where the biggest untapped opportunities lie, and why AI spending is expected to double by 2028. With special guest Piyush Sharrma of Tuskira.aiTopics Include:Caitlin Anderson discusses Intel-AWS partnership and generative AI trends accelerating businessIntel's AI journey spans decades: analytics since 1980s, natural language processing 2000sComputer vision remains major use case from edge computing to data centersGenerative AI and AI agents are the latest wave, with agents collaborating togetherIntel uses AI internally for manufacturing automation in highly sensitive fab environmentsRobotics and AI optimize quality control, system monitoring, and technician productivityAI spending growth spans all industries, with significant acceleration expected through 2028Software services, healthcare, and financial services lead current AI adoption and experimentationEducation, government, retail, and energy represent major untapped growth opportunities aheadIntel-AWS partnership spans 20 years, featuring custom silicon and broad CPU portfolioTuskira CEO Piyush Sharrma explains cybersecurity "perfect storm" where attackers weaponize same AI toolsSuccess requires ecosystem partnerships - no single company can solve complex AI challengesParticipants:Caitlin Anderson - Corporate Vice President, GM Americas Sales, IntelPiyush Sharrma – CEO and Co-Founder, Tuskira.aiSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Aditya Vasudevan, Cohesity's cyber recovery expert, shares battle-tested insights from defending Fortune 100 companies against AI-powered cyberattacks.Topics Include:Cohesity protects 85% of Fortune 100 data with battle-tested cyber recovery experienceTop 10 cyber adversaries target organizations; Cohesity has defended against most major threatsGenAI adopted by 100 million users in two months, creating unprecedented security challengesNew AI threats include prompt injection, synthetic identities, shadow AI, and supply vulnerabilitiesAttackers now use AI for sophisticated phishing, automated malware, and accelerated attack chainsReal companies completely banned AI after code leaks, misuse incidents, and data concernsThree-pillar security approach: fight AI with AI, enhanced training, and automated workflowsSecure AI design requires private deployments, complete traceability, and role-based access controlsAmazon Bedrock offers built-in guardrails, private VPCs, and enterprise monitoring capabilitiesCohesity's Gaia demonstrates secure AI with RAG architecture and permission-aware data accessResilience strategy combines immutable backups, anomaly detection, and recovery automation for incidentsProper AI security reduces cyber insurance premiums and prevents costly downtime disastersParticipants:Aditya Vasudevan - GVP of Cyber Resiliency, Cohesity Further Links:Cohesity: Website | LinkedIn | AWS MarketplaceSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Tyler Warden, SVP of Product at Sonatype, shares surprising research on security, productivity and prioritization, with actionable strategies for organizational transformation. Topics Include:Tyler from Sonatype (Maven creators) shares research on security culture in developmentSecurity is more cultural than tooling, with rising supply chain attacksDevelopment speeds up while global regulations rapidly change across marketsTyler's background: wanted to be a Broadway conductor, not tech speakerBeethoven's 9th Symphony story: nephew missed a dot, changing tempo foreverWe can "be the dot" - small changes creating big organizational impactThree organization types: Leaders (collaborative), Adapters (balanced), Protectors (security-first)Leaders achieve best productivity and security but face executive skepticismResearch reveals balanced teams outperform purely security-focused or productivity-focused approachesHigh-performance teams go faster AND stay more secure than alternatives"Yes" philosophy from improv comedy: fun happens when we enable innovationApply proven supply chain principles from manufacturing to software development security Participants:Tyler Warden – Senior Vice President, Product, SonatypeFurther Links:Sonatype: Website | LinkedIn | AWS MarketplaceSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Anurag Yagnik, CTO of Prophix, shares insights from his 25-year journey in tech, focusing on AI-driven solutions for CFOs. He discusses how Amazon Bedrock empowers Prophix to create autonomous AI agents that enhance financial workflows. Topics include the evolution of AI agents, real-time data usage, and customer concerns about privacy and accuracy. Anurag also highlights the demo of automated budgeting workflows using natural language queries, showcasing the potential of Prophix One Intelligence to revolutionize financial management.