The Secure Developer

Cloud Security is a evolving and so are the attacks in this space. The landscape is becoming increasingly complex, so the question remains how do we tackle cloud security in organisations, who owns it and how do we best prepare?. In this episode, we provide listeners with an overview of Snyk’s report on cloud security and unpack some unsettling statics. To walk us through the report, we're joined by Drew Wright, the primary author of the report, and Simon Maple, Snyk’s Field CTO. In our conversation, we delve into the main findings, how data was collected, and essential lessons from the report. We discuss the differences between the IT cloud and the app cloud, adopting an infrastructure-as-code approach, what businesses are most at risk, and why cloud security is vital for all businesses. We also talk about the recent cultural shift regarding the responsibility of security and the nuanced perspectives on why cloud security is vital. Hear about a fantastic open-source resource, how to prevent security breaches, common mistakes businesses make, and more. Tune in to ensure you are up to date on the latest developments in the space as we navigate The State of Cloud Security report with experts Drew Wright and Simon Maple. Follow UsOur WebsiteOur LinkedIn

In this Ask Me Anything episode we Guypo, we put Guy Podjarny in the guest chair, and had him field a bunch of really interesting guest-submitted questions.In this Ask Me Anything session, you can expect to hear a few bits about Guypo's taste in books, how he likes to unwind, before we dive into some industry-specific content, and some rather interesting insights on the history of Snyk. We take a journey down memory lane for what started this podcast, and what has enabled it to keep growing and stay relevant.Guypo talks about the subjects that have persisted through the last five years and the topics that will continue to grow in relevance in the future. He also shares some reflections on the hurdles of running a startup, and the pivotal moments that really made the difference. So to hear all this and more, from the one and only GuyPo, make sure to press play now! Follow UsOur WebsiteOur LinkedIn

A successful bug bounty program can play a pivotal role in the security strategy for a company but defining and running such a program requires structure and maturity within an organisation. Sean Poris, Senior Director of Cyber Resilience at Yahoo knows all about the anchor elements that you need in a bug bounty program and how to drive maturity of such a program. In this fascinating conversation, Sean goes deep into how bug bounties fit into their security philosophy, and how this program has been developed and adapted over time. From there, we turn to the actual structure of the security team, with our guest shedding some light on what is required from the different roles on the teams. He explains what the Deputy Paranoids stay busy with, and how they approach hiring and educating for this position. Follow UsOur WebsiteOur LinkedIn

The software supply chain is anything and everything that touches an application or plays a role in its development, from the beginning to the end of the software development life cycle (SDLC). As you might imagine, this makes software supply chain security a somewhat complicated task! Today, we are joined by returning guest, Adrian Ludwig, formerly of Nest and Android and now Chief Trust Officer at Atlassian, to discuss what ‘software supply chain security’ actually means, why it matters, and how you can help secure the supply chain of your product. As a self-described hacker in his early years, he was recruited by the Department of Defense at just 16-years-old, and worked with them for several years to find security flaws in cryptographic and computer network systems. He has a fascinating lens through which he views today’s topic and, as you’ll discover in this episode, he has a real talent for clearly and efficiently explaining very complex problems. To learn more about Adrian’s interesting take on SBOMs and find out which processes, tools, and practices to invest in, make sure to tune in today! Follow UsOur WebsiteOur LinkedIn

Nicole is a cyber security journalist and has covered many high-profile cases, such as the Russian hacking of nuclear power plants, North Korea’s attacks on movie studios, and Chinese government-sanctioned cyber-attacks around the globe. She is also the author of This Is How They Tell Me the World Ends, which provides readers with details about the most secretive, government-backed market in the world, cyberweapons. In this conversation, we learn why cybersecurity is such an essential topic for non-technical people, cyber security threats that exist within global supply-chain markets, and the definition of cyber hygiene. Hear some examples of high-profile cyber attacks, steps companies should take regarding cyber security, why cyber security stories rarely make headlines, and the human-behaviour element behind the problem. We also learn ways in which society and governments can act to overcome the challenges of cyber security, and what advancements are needed within the space. Tune in to learn everything you need to know about the undercover cyber threat and what you can do about it, with expert Nicole Perlroth! Follow UsOur WebsiteOur LinkedIn

In this episode, we are digging into Shift Left, what it really means, and how to accomplish it successfully. Sharing her insight is Rupa Parameswaran, head of security at Amplitude, and a security and privacy expert with 20 years of knowledge behind her.She works closely with business leaders to create relevant secure by design and secure by default controls that help businesses run efficiently, but also be secure. She shared with us how she has really successfully transformed the security mindsets in the engineering teams at Amplitude.Learn why Rupa wants developers and business owners to grow their understanding of security, and which metrics she uses to assess security success. Tune in to learn all about the evolving list of capabilities essential to security teams, and Rupa shares her thoughts about the future of security and standardization. Follow UsOur WebsiteOur LinkedIn

The Cloud Native Computing Foundation (CNCF) hosts critical components of the global technology infrastructure and has played a huge part in elevating the industry standard for security. They bring together top developers, end-users, and vendors, and also run the world’s largest open source developer conferences. Today on the show we’re thrilled to welcome Emily Fox, a Security Engineer, who also serves as the co-chair of the CNCF Technical Oversight Committee (TOC), and is involved in a variety of open source communities. In our conversation with Emily, we unpack the intricacies of Open Source security and vulnerabilities, as well as what she’s learned during her time with the CNCF. We discuss what participants can expect from the Global Security Vulnerability Summit, how you can get involved, and the project that Emily is most excited about. Finally, Emily shares her passion for ensuring that women join the technology sector and breaks down the crucial steps that will get us there. Tune in for a fascinating conversation on open source securities, vulnerabilities, and more! Follow UsOur WebsiteOur LinkedIn

Thanks for tuning in to a brand new episode of the Secure Developer! Joining us in conversation today is Peter Oehlert, Chief Security Officer at Highspot. We hear about Peter’s journey with Facebook, Smartsheet, and Microsoft, learn the difference between establishing a new security practice when there is an existing security culture and when there isn’t, and find out why taking ownership is more important than having all the necessary information. Peter is passionate about every aspect of product security, and tells the story of modeling for threats at Highspot, where he attributes one of his biggest challenges at any company to working with and educating people. Hear about the hurdles attached to dealing with the cloud, what has surprised him moving from security to CSO reality, and why it has been so important to have open communication in order to build the necessary bridges to navigate this change. Find out what he would do differently, what has changed within SaaS and product security over the past few years, and what direction he would take if he had access to unlimited resources. Tune in to hear all this and more today! Follow UsOur WebsiteOur LinkedIn

We’re switching it up in this episode and putting Guy Podjarny in the hot seat to answer all of your most pressing security questions! Following his astute prompts, Guy comprehensively explains everything from how startups can build in security with limited resources to how security teams need to transform going forward. We discuss the balance of security and usability, the security implications of quantum computing, and the role developers are predicted to play in DevSec. We also speculate how NoOps might affect DevOps and the potential of achieving zero trust for application security. For all of this and so much, tune in for an in-depth AMA with Guy as he answers all of your unanswered DevSecOps-related questions! Follow UsOur WebsiteOur LinkedIn

Today on the Secure Developer we speak with Lena Smart, Chief Information Security Officer (CISO) at MongoDB. Lena has extensive cybersecurity experience and has worked in the security space for over 20 years. We talk with Lena about how she first got started in security, why she gets so much satisfaction from being the first CISO at a company, and what she has loved most about working at MongoDB. In our conversation, we discuss core principles around supply chain security as well as supply chain risk and what these definitions mean for practical applications. We delve into the latest executive order from the current administration and discuss some of Lena’s insights on the topic. She explains why the government wants to move into automation and continuous monitoring, as well as what that process will entail. Tuning in you’ll learn more about the Information Technology — Information Sharing and Analysis Center (IT-ISAC), why Lena is such a big proponent of theirs, in addition to how they are helping private and public industries work together in a trusted environment. Lena also describes her Security Champions Program and some of the exciting developments that have occurred as a result of the program. To learn more about MongoDB, how to create a thriving security culture, and more, make sure you tune in today! Follow UsOur WebsiteOur LinkedIn