
The Secure Developer
Securing the future of DevOps and AI: real talk with industry leaders.
Latest episodes

Dec 23, 2021 • 53min
A Year In Review With Simon Maple
As the year of 2021 draws to a close, we use this episode to look back on the last 12 months, and Guy is joined by Simon Maple to go through some reflections on the major themes, lessons, and takeaways from the show! Simon takes on the role of host, turning the microphone around and probing Guy for his highlights from the 22 episodes we aired during the year. We are so happy to have been able to have these conversations, hosting interesting chats with experts from many different backgrounds and positions, and as we see in this year-end review, there are so many exciting and inspiring changes happening in the DevSec world! Guy talks about hiring people with development experience for security work, the need for empathy, how to adapt education about security for developers, and more. We also have time to look forward to the new year, imagining some of the challenges and key areas we will encounter together. A big thank you to all our listeners for tuning in this year, and here's to another year of insightful conversations and progress in the space!

Dec 13, 2021 • 47min
Modernizing Security With Tim Crothers
Today on The Secure Developer, we look at how to modernize security in DevSecOps. To guide us through this, we are joined by Tim Crothers, Senior Vice President and Chief Security Officer at Mandiant. Tim is a seasoned security leader with over 20 years of experience building and running information security programs, large and complex incident response engagements, and threat and vulnerability assessments. He has a wealth of experience in cyber threat intelligence, reverse engineering, and computer forensics. He has authored 17 books to date and presents regular training and speaking engagements at information security conferences. As someone who has been in the world of IT since the 80s, Tim explains how he has seen DevSecOps evolve over time, how security has changed its approach over the years, and what DevSecOps means to him. We discuss the differences between controls and guardrails, how often developers are allowed to override guardrails, and to what degree these are left to the decisions of development teams. To find out what Tim considers to be the optimal setup for the split of responsibility between development teams and security teams, what he looks for when hiring new people into his product security team, and what his top three KPIs are, tune in today!

Dec 1, 2021 • 45min
Implementing DevSecOps In Regulated Versus Unregulated Industries With Rohit Parchuri
Welcome back to another installment of The Secure Developer, where we have another fascinating conversation lined up! Today your host Guy Podjarny sits down with Rohit Parchuri, Chief Information Security Officer at Yext, to pick his powerhouse brain about DevSecOps frameworks. Rohit is an accomplished security leader with an established record building, structuring, and institutionalizing security principles and disciplines in the cloud hosting, network hardware, cloud software, and healthcare domains. In this episode, the listener gains a comprehensive understanding of the differences between a health platform and a tech platform, the crucial component of building a culture or security mindset across a company, and the challenges of weaving security into fast-paced and leading-edge organizations. We then touch on the 3 frameworks which Rohit delineates before he starts building a program, before diving deep into the different approaches needed for more heavily regulated industries versus the less regulated spaces. Plus, you'll get a sneak peek into Rohit's favorite interview question, and his hard-won take on the need for dual skills in security as well as the programming landscape. Finally, we look to the future and hear some exciting and pretty accurate projections into what cybersecurity will look like in 5 years' time. Press play to hear all this and more!

Oct 19, 2021 • 45min
Containers, Processes, And The Future Of Security With Liz Rice
Welcome to another episode of The Secure Developer! During today’s conversation, Guy Podjarny, founder of Snyk, speaks with Liz Rice, Chief Open-Source Officer with eBPF pioneers Isovalent, where she works on the Cilium project, which provides cloud native networking, observability and security. They touch on plenty of current and relevant topics, with a focus on eBPF and the CNCF and its role in security. You’ll hear all about her role and her journey into the world of cyber security, and what it was like to transition into the sometimes intimidating world of security. We touch on why containers are essentially just processes, and Liz gives us an introduction to eBPF, how it benefits security, and the renaissance it is currently experiencing. Liz tells us all about her work at CNCF and the Technical Oversight Committee, and how it is building much of the foundation for cloud native computing. Join us today to hear all this and more!

Oct 11, 2021 • 51min
The CodeCov Breach With Jerrod Engelberg And Eli Hooten
In early 2021, Codecov experienced a serious security breach, and today on the show we are joined by their CEO and CTO to get an insider's perspective on the events! We have an enlightening conversation with Jerrod Engelberg and Eli Hooten about what exactly happened, how they reacted, and the important foundations that were already in place that allowed them to handle it in the way that they did. This extra special episode is jam-packed with useful reflections and lessons for listeners from all backgrounds, and just hearing how it all played out is worth the admission alone. Our guests talk about the central importance of the human element to security work, how conversations with the internal and external network connected to the company were key to their process, and why transparency trumps all other concerns for Codecov. We also get into some of the ethics and important conversations that need to happen before any danger is even detected! So to hear all this, and a whole lot more, on a vital, first-hand experience, join us today!

Oct 4, 2021 • 33min
Running And Expanding A DevOps Team With DJ Schleen
Today we have a great conversation with DJ Schleen, who is the Vice President of Infrastructure and Developer Operations at VillageMD! DJ is an experienced DevOps practitioner, currently working as a security advocate, in his role at VillageMD in the healthcare industry. We get to have a very interesting conversation about the broad state of security and hear about his route into the professional world. DJ transitioned from the early days of hacking into web design, and then brought these skills to his career in security! We talk about some of his best practices for keeping a team on track, how he goes about improving and increasing security, and the end goal of working towards a proactive approach instead of a reactive one. DJ has an impressive track record providing thought leadership to organizations looking to integrate security into their DevOps practices, and his background as a practitioner has provided him with a strong foundation for this. DJ specializes in building progressive apps for security programs, automating security in DevOps environments, and breaking down organizational silos that inhibit the delivery of safer software. So to hear all about his work and thoughts on the field in general, listen in with us today!

Aug 2, 2021 • 31min
Our Best Security Advice
When we started this show, we set out to create a stage for security leaders and practitioners to share their learnings and perspectives. It was our hope that we could all learn from one another and have open conversations that are not commonly had in the security community. So, to celebrate our 100th episode, we have compiled some incredible pearls of wisdom from previous guests. At the end of each show, Guy always asks guests to share one piece of advice for those looking to level up their security teams. From focusing on current threats to having a diverse team to putting effort into your personal development, there is a wide range of themes that guests have touched on. We are so incredibly grateful to everyone who has given us their time, and helped us see the positive side of security!

Jul 19, 2021 • 43min
The Role Of Flexibility In Success With Geoff Belknap
An initial passion for networking and telecommunications led today’s guest on a journey into the world of security. After gaining experience building security from the ground up in a few companies, he is now working as the chief information security officer (CISO) at LinkedIn. Geoff Belknap, in his second appearance on The Secure Developer, dives into the elements which he believes are key to a successful security organization, and a successful company as a whole (hint: flexibility and adaptability are non-negotiable!). We discuss the process of identifying security problems, who owns the risks, and why security is such a difficult thing to measure. Geoff also shares his perspective on changes that he expects to see happening in the CISO realm in the future, and offers some advice for any CISOs trying to decide which company to work for.

Jun 21, 2021 • 40min
Security Education With The Code Doctor Jet Anderson
The security of your software all starts with the code. If you’re wondering how we better educate developers on security and teach them to develop more secure code, well, this is the episode for you! Guy Podjarny sits down with Jet Anderson from Nike to discuss education, specifically security education, why it matters, and how to get it right. Jet is a secure software architect, writer, speaker, and evangelist of DevSecOps. A former software engineer on a mission to teach today’s developers to write secure code as part of modern DevOps pipelines, at speed and at scale, he is also the host of a weekly podcast and training program at Nike, known as Code Doctor. Tuning in, you’ll find out why Jet considers himself a developer advocate at Nike, why he chose to invest in security education for developers, and some core principles for training success, as well as the value of informal learning and whether or not gamification is a game changer. Make sure not to miss this episode!

Jun 3, 2021 • 50min
Gamification, Reward, And Empathy With Joshua Gamradt
In episode 97 of The Secure Developer, Guy Podjarny speaks to Joshua Gamradt, director of rugged DevOps at UnitedHealth Group, to discuss how Joshua’s work aligns with his desire to foster greater collaboration across departments, using gamification and empathy. We dive into Joshua’s approach to customer-centric security solutions and how their company is using empathy and gamification to pursue that. One fundamental element of his approach is investing in individuals across departments to create a holistic language and understanding of security, and Joshua explains the necessity of classroom learning for engineers and how gamification is applied to generate excitement around learning. Joshua has already seen tremendous results thanks to the improved communication, empathy, and enthusiasm across departments! For all this and more, join us today!