The Secure Developer

Episode SummaryIn this episode of The Secure Developer, host Danny Allan sits down with David Mytton, founder and CEO of Arcjet, former CEO of Server Density, and co-founder of Console.dev. David shares his insights into bridging the “developer-security gap” with Arcjet, a cutting-edge middleware SDK designed to empower developers with advanced security tools like rate limiting and bot protection. The conversation dives into the evolution of developer tools, the growing role of AI in coding, and the future of secure software development in modern environments. David also offers a fascinating perspective on sustainable computing and the impact of clean energy in the tech industry.Show NotesIn this thought-provoking episode of The Secure Developer, host Danny Allan sits down with David Mytton, founder and CEO of Arcjet, to explore the evolving intersection of development, security, and AI. David, a serial entrepreneur with deep roots in cloud monitoring and developer tools, shares his journey from co-founding Server Density to building Arcjet, a groundbreaking solution for developers managing runtime security.The conversation begins with David’s take on why developers should prioritize security early in the development lifecycle. He highlights the challenges developers face in modern environments, where traditional security tools often fail to integrate seamlessly with serverless and edge computing platforms. David introduces Arcjet as an innovative SDK that empowers developers to implement rate-limiting, bot detection, and other security measures directly in their applications, offering a developer-first approach to runtime protection.Delving deeper, the discussion shifts to the rise of WebAssembly as a transformative technology. David explains how WebAssembly enables near-native performance across platforms while providing unparalleled isolation—making it a perfect fit for modern security needs. He contrasts this with traditional intrusion detection systems and outlines how Arcjet leverages WebAssembly to fill the gaps left by legacy tools.The episode also explores the broader evolution of the developer ecosystem. From the increasing adoption of AI-powered coding tools to the growing interest in languages like Rust, David shares his perspective on how these trends are reshaping software development. He also discusses the challenges of balancing AI-generated code with the need for security and the potential for AI to exacerbate vulnerabilities if not carefully managed.As the conversation wraps up, David touches on his research in sustainable computing and its implications for the tech industry. He highlights the positive strides being made toward greener computing practices and how developers can contribute to a more sustainable future.This episode offers a rich blend of technical insights, forward-thinking ideas, and practical advice for developers and security professionals navigating the ever-changing landscape of software security and development.LinksArcjetConsoleAcquiaRust Programming LanguageUniversity of OxfordSnyk - The Developer Security Company Follow UsOur WebsiteOur LinkedIn

Berkay Berabi, an AI researcher and Senior Software Engineer at Snyk, shares his journey from electrical engineering to pioneering AI-driven vulnerability detection. He discusses how Snyk combines human expertise with machine learning for faster, more accurate security solutions. Berkay introduces CodeReduce, a revolutionary tool that simplifies complex code structures, enhancing vulnerability detection. The conversation also touches on addressing AI hallucinations and the balance between speed and performance in AI models, highlighting both the opportunities and risks of generative AI in coding.

Jeff Wang, Head of Business at Codeium and AI specialist, explores the evolution of coding assistants from simple tools to advanced AI-driven helpers. He discusses how generative AI dramatically boosts productivity and innovation in software development. Jeff dives into the importance of addressing security concerns with LLMs, potential solutions for safeguarding code, and the balance between AI capabilities and user satisfaction. He also emphasizes the need for diverse coding tools to support various developer environments, aiming to transform tech landscapes.

David Imhoff, Director of DevSecOps at Kroger, discusses implementing DevSecOps in large organizations, balancing regulatory compliance with business objectives, building a security culture, risk mitigation challenges, importance of asset management, security champions, and potential impact of AI on cybersecurity practices.

Founder of Snyk, Guy Podjarny, shares insights on integrating security into the developer workflow and the impact of AI on the industry. They discuss challenges faced, importance of open-source security, and future of autonomous developer security. The podcast explores Snyk's journey from inception in a shower to becoming a developer-first security platform.

Episode SummaryIn this episode of The Secure Developer we're joined by Brian Vallelunga, Founder and CEO of Doppler, to discuss the importance of secrets management in modern application development. Brian shares his journey in creating Doppler, a secrets manager designed for developers and DevOps teams, and highlights the challenges organizations face in managing sensitive data such as API keys, database credentials, and certificates. The conversation explores best practices for secure secret storage, the need for industry-wide adoption of secrets rotation, and the potential impact of AI on the future of secrets management and identity-based authentication.Show NotesIn this insightful episode of The Secure Developer, we sit down with Brian Vallelunga, Founder and CEO of Doppler, to dive deep into the critical topic of secrets management in modern application development. Brian shares Doppler's unique founding story, which began as a crypto machine learning marketplace but pivoted to address the pressing need for effective secrets management solutions.Throughout the conversation, Brian and Danny explore the challenges developers and organizations face when managing sensitive data, such as API keys, database credentials, and certificates. They discuss best practices for secure secret storage, emphasizing the importance of encryption, seamless integration with developer workflows, and creating a positive developer experience.The discussion also touches on the industry's struggle with secrets rotation and the need for standardization across providers to enable effective rotation strategies. Brian and Danny consider the potential role of compliance requirements, such as SOC 2, in driving the adoption of robust secrets management practices.Looking to the future, the pair explores the impact of artificial intelligence on secrets management and the potential shift towards identity-based authentication. They envision a world where AI agents dynamically provision infrastructure and manage the connections between various services, with secrets managers facilitating seamless authentication.Tune in to this engaging episode to gain valuable insights into the evolving landscape of secrets management and discover how industry leaders like Snyk and Doppler are working to secure the future of application development.LinksTwilioStripeNullifyVercelKubernetesAmazon Web ServicesGitHub CopilotMagicSnyk - The Developer Security CompanyFollow UsOur WebsiteOur LinkedIn Follow UsOur WebsiteOur LinkedIn

Special news about the future of The Secure Developer! Follow UsOur WebsiteOur LinkedIn

Delve into the ever-changing landscape of data security with Danny Allan, the new CTO at Snyk. Explore the evolution of security practices, the interconnectedness of data security domains, strategies against ransomware threats, and the potential of AI in revolutionizing security processes.

Episode SummaryExplore the role of consolidated platforms in software development with our guest, John Delmare, Global Application and Cloud Security Lead of Accenture. This episode dives into the growing complexity in the developer space and how these platforms streamline processes and foster collaboration among distributed teams. We discuss balancing application and cloud security, the financial and time-saving benefits of integrated platforms, and the role of best-of-breed technology in an evolving tooling landscape. Tune in for a preview of future secure development practices and practical advice on navigating this dynamic space.Show NotesIn this engaging episode of The Secure Developer, host Simon Maple chats with John Delmare, Managing Director of Accenture and Global Application and Cloud Security Lead, about the movement towards platform consolidation in the field of DevSecOps.They dive into an in-depth exploration of the potential advantages and barriers that emerge from the reduction of tool sprawl. Using his extensive experience and insights, Delmare sheds light on how this development can enhance efficiency for developers and, at the same time, benefit companies by making processes more streamlined, cost-efficient, and effective.Not losing sight of the role of best-of-breed tools, the conversation takes a turn into how such tools fare in the current scenario, whether they still hold relevance, or if the consolidation trend is set to overshadow them. More intriguingly, Delmare and Maple delve into the potential implications of emerging technologies like General Artificial Intelligence (GenAI) on the strategies for security tooling.Further enriching the conversation, they emphasize the critical need for a common ground between security and development teams. Platform consolidation comes into play here by offering shared data views and aligning the teams towards unified goals, making the perfect case for seamless DevSecOps practices.This episode is packed with insights that would cater to developers, security professionals, and decision-makers in the IT industry, offering them a clearer view of the current trends and allowing them to make strategically sound decisions. Tune in to be part of this insightful conversation.LinksAccentureSnyk - The Developer Security CompanyFollow UsOur WebsiteOur LinkedIn Follow UsOur WebsiteOur LinkedIn

Episode SummaryIn this episode of The Secure Developer, Guy Podjarny and guest Sean Catlett discuss the shift from traditional to engineering-first security practices. They delve into the importance of empathy and understanding business operations for enforcing better security. Catlett emphasizes utilizing AI for generic tasks to focus on crafting customized security strategies.Show NotesIn this episode of The Secure Developer, host Guy Podjarny chats with experienced CISO Sean Catlett about transforming traditional security cultures into a more modern, engineering-first approach. Together, they delve into the intricacies of this paradigm shift and the resulting impact on organizational dynamics and leadership perspectives.Starting with exploring how an empathetic understanding of a business's operational model can significantly strengthen security paradigms, the discussion progresses toward the importance of creating specialized security protocols per unique business needs. They stress that using AI and other technologies for generic tasks can free up teams to concentrate on building tailored security solutions, thereby amplifying their efficiency and impact on the company's growth.In the latter part of the show, Catlett and Podjarny investigate AI's prospective role within modern security teams and lay out some potential challenges. Recognizing the rapid evolutionary pace of such technologies, they believe keeping up with AI advancements is crucial for capitalizing on its benefits and pre-empting potential pain points.AI-curious listeners will find this episode brimming with valuable insights as Catlett and Podjarny demystify the complexities and highlight the opportunities of the current security landscape. Tune in to learn, grow, and transform your security strategy.LinksSlackFedRAMPGitHub CopilotChatGPTSnyk - The Developer Security CompanyFollow UsOur WebsiteOur LinkedIn Follow UsOur WebsiteOur LinkedIn