The Secure Developer

In the latest episode of The Secure Developer, Guy is joined by Molly Crowther from Pivotal. Molly discusses her role in managing security at Cloud Foundry, an open source cloud platform on which developers can build, deploy and run applications. She explains their security triage and CVE process and reveals some of the challenges of working within the large ecosystem of diverse companies that make up the Cloud Foundry Foundation. Molly also talks about how she fulfills her role of wearing many hats as a representative of both Pivotal and the open source foundation. The post Ep. #12, Keeping Cloud Foundry Secure appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

In the latest episode of The Secure Developer, Guy is joined by Arup Chakrabarti, Kevin Babcock and Rich Adams from PagerDuty. They discuss how they put into practice their security vision of “making it easy to do the right thing”. This involves picking the right tooling and designing a security experience that doesn’t force people to do things, but rather provides insight into how vulnerabilities can be exposed. Giving people the opportunity to break things also creates a strong desire to want to then protect those things. The post Ep. #11, Keeping PagerDuty Secure appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

In the latest episode of The Secure Developer, Guy is joined by Aren Sandersen. They examine the current state of access control systems and discuss the need for better education and tooling to support time-bound dynamic access control. Aren also explains why most startups consider security too late and reveals the minimum mindset that all early stage startups need to adopt to manage their attack surface. The post Ep. #10, Dynamic Authorization: The Evolution of Access Controls appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

In the latest episode of The Secure Developer, Francois Raynaud joins Guy to discuss the current state of IT security. Francois explains why a cultural shift is needed to make security more inclusive, with security professionals taking on a greater mentoring and guiding role. Francois discusses why he created DevSecCon, a Development Security Conference aimed at fostering inclusion. He also shares approaches for DevOps and Security teams to better understand what other teams are trying to achieve so they can work collaboratively and improve business security. The post Ep. #9, Making Security More Inclusive appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

In this episode of The Secure Developer, Geva Solomonovich, COO at Snyk and founder of Snowy Peak Security joins Guy to discuss security policies, and why you shouldn’t wait to implement your own. Geva shares the 3 categories of security policies he developed with his clients and emphasizes that it’s not enough to create a set of documents or processes. You need to establish a security mindset and integrate it into everything you do. Don’t miss this episode for practical tips on reducing your company’s risk surface. The post Ep. #8, What’s In A Security Policy? appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

In this episode of The Secure Developer, Ben Bernstein from Twistlock joins Guy to discuss container security. Are you currently using containers, or thinking about moving to containers in your stack? You won’t want to miss this episode. With containers, developers control the entire stack. While empowering to developers, this can also open up new security vulnerabilities. Ben and Guy discuss the tools and processes you’ll need to put in place to ensure your containers are compliant and secure. The post Ep. #7, Understanding Container Security appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

In episode #6 of The Secure Developer, Guy is joined by his Snyk.io co-founder Danny Grander for an in depth discussion on CTF (Capture The Flag) competitions in the security world. Learn about the differences between jeopardy style and attack-defense CTFs, the future of AI powered hacking (and defense!), and where you should start if you’re interested in playing. The post Ep. #6, Developer War Games: Capture The Flag! appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

In the fifth installment of The Secure Developer, Guy talks with Chef CTO Adam Jacob about the role security can play in DevOps and continuous integration/deployment. They cover the differences between baked-in and bolted on security and how automation with Habitat can change the way developers approach secure coding. The post Ep. #5, Continuous Security at Chef appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

In episode #4 of The Secure Developer, Guy is joined by Eric Lawrence of the Google Chrome security team. Eric and Guy begin with a discussion on what it takes to be a great security engineer – namely curiosity and a willingness to learn. Later they discuss the growing importance of the modern web browser, and how security previously only found in operating systems is now moving into browsers themselves. Finally they discuss the current state of HTTPS, including the carrots and the sticks that browser designers like Eric have at their disposal. The post Ep. #4, Getting Down To The Metal appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

In episode 3 of The Secure Developer, Guy is joined by Sabin Thomas, VP of Engineering at Codiscope, where he creates tools that help developers build and deploy secure code faster. The two discuss the difficulties presented by the accelerating release of new tools and frameworks, the problem of too many sticks and not enough carrots, and the benefits of designing with security in mind from the start. The post Ep. #3, Security From The Start appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn