

The Secure Developer
Snyk
Securing the future of DevOps and AI: real talk with industry leaders.

Mar 3, 2020 • 22min
Sustainable And Scalable Ways To Buy Down Risk With Clint Gibler
Our guest today on the show is Clint Gibler, a research director at NCC Group, where he helps provide organizations with security consulting services. Clint speaks to Guy Podjarny at DevSecCon Seattle about the current landscape of application security, how his company fits into that as a global information assurance specialist and the job of helping companies scale their security efforts through cutting-edge tools and processes. His vast experience in the field of security, with a wide range of companies, has afforded him great insight into the importance of security teams' morale and goal setting. We hear from him about staying up to date on the latest developments in the field and his advice for remaining as current as possible. Clint's background in helping companies implement security automation and DevSecOps best practices has led to his current standing, and we get to hear about the panel discussion he moderated at the DevSecCon event. Show notes and transcript can be found here
Follow UsOur WebsiteOur LinkedIn

Feb 25, 2020 • 39min
Security Insights From An Integration Platform With Tad Whitaker
In the age of startups, diverse employee backgrounds are increasingly important for companies to be resilient and deeply innovative. People's prior experience helps their work in security both in expected and unexpected ways. Our guest today, Tad Whitaker, has one of the most interesting backgrounds we’ve yet to encounter. From working as a gold miner to a newspaper reporter to a private investigator, Tad’s journey to landing his role as an Engineering Manager at CircleCI has been very colorful. He is also a core member of the Bay Area OWASP leadership that hosts bi-monthly security meetups in San Francisco. Outside of work, Tad volunteers with several different organizations, including The Wall of Sheep at DefCon, Mission Bits, Telegraph Academy and the San Francisco Youth Baseball League. In this episode, Tad shares his interesting background with us and the different ways it has overlapped with his current work in security. We also gain some insights into the structure at Circle, from how his team works to their relationship with the development team. The dynamic relationship between development and security is not one we encounter often, so it is refreshing to hear. Tad also walks us through compliance and how adhering to mandated compliance standards has helped and hindered his work. Show notes and transcript can be found here

Feb 18, 2020 • 14min
Beyond The Security Team With Julien Vehent
In our conversation, we chat to Julien about his current professional role, his talk at DevSecCon and the inspiration behind it before diving into his ideas on security's present and possible futures. Julien makes an argument for setting up 'paved roads' for security in order to save time and resources, but rather than these being restrictive, he emphasizes the freedom that should remain built into these systems. For a fascinating chat with Julien and some insight into what is going on at Mozilla currently, be sure to join us! Show notes and transcript can be found here

Feb 11, 2020 • 38min
Running Security For A Security Company With Michael Hanley
What Mike and the various other cloud businesses within the broader Cisco network have managed to do is create an environment where they share knowledge and learn from one another to the ultimate benefit of their customers. He talks about their system according to which his team engages with and gives feedback to engineers and the model they have implemented to constantly evaluate their efficiency. We switch to talking about Duo's acquisition by Cisco and how it has boosted the organization, and Mike wraps up the conversation by telling listeners why diversity in teams is crucial. Show notes and transcript can be found here

Dec 26, 2019 • 49min
Year In Review With Guy Podjarny And Simon Maple
In episode 44 of The Secure Developer, Guy Podjarny sits down with guest host Simon Maple of Snyk to reflect back on the numerous guests he’s had on the show throughout 2019, and the many security lessons and insights shared along the way.
The post Ep. #44, Year in Review with Guy Podjarny appeared first on Heavybit.

Dec 12, 2019 • 37min
Combatting Security Burnout With Stu Hirst
In episode 43 of The Secure Developer, Guy joins Stu Hirst, Principal Cloud Security Engineer at Just Eat. They discuss Stu’s journey into cloud security, avoiding burnout, cultivating better hiring practices, and the importance of failing fast.
The post Ep. #43, Combatting Security Burnout with Stu Hirst of Just Eat appeared first on Heavybit.

Nov 28, 2019 • 24min
News Media Security With Kate Whalen
In episode 42 of The Secure Developer, Guy speaks with Kate Whalen, a security engineer at The Guardian, to discuss news media security and advocating security across many teams within a large organization.
The post Ep. #42, News Media Security with Kate Whalen of The Guardian appeared first on Heavybit.

Nov 14, 2019 • 21min
Optimizing Team Communication With Sara Dunnack
In episode 41 of The Secure Developer, Guy talks with Sara Dunnack, a security engineer at InVision. They discuss methods for improving communication between DevSecOps, AppSec, and Engineering teams within an organization.
The post Ep. #41, Optimizing Team Communication with Sara Dunnack of InVision appeared first on Heavybit.

Oct 31, 2019 • 32min
Large-Scale Digital Transformation With Brian Sodano
In episode 40 of The Secure Developer, Guy speaks with Brian Sodano, Director of Engineering at Liberty Mutual Insurance. They unpack what happens to security when a company goes through a large-scale digital transformation, and ruminate on the future of the security industry.
The post Ep. #40, Large-Scale Digital Transformation with Brian Sodano of Liberty Mutual appeared first on Heavybit.

Oct 17, 2019 • 36min
Build, Break, And Defend With Mohan Yelnadu
In episode 39 of The Secure Developer, Guy is joined by Mohan Yelnadu, Head of AppSec at Prudential. They discuss Mohan’s journey from pen tester to DevSecOps consultant, security threat modeling, and his 6 principles of continuous security.
The post Ep. #39, Build, Break, and Defend with Mohan Yelnadu of Prudential appeared first on Heavybit.