17 episodes

The Future of Application Security is a podcast for ambitious leaders who want to build a modern and effective AppSec program. Doing application security right is really hard and we want to help other experts build the future of AppSec by curating the best industry insights, tips and resources.

Future of Application Security Tromzo

    • Business
    • 5.0 • 1 Rating


    EP 17 — SolarWinds VP of Security Tim Brown: Behind the Scenes of the 2020 SolarWinds Breach

    Those in IT, DevOps, and SecOps are all too familiar with the demands of a complex and dynamic technological landscape. For more than two decades, SolarWinds has helped technology professionals and organizations manage and adapt to an ever-expanding ecosystem of IT applications and infrastructure.
    In this episode, Tim Brown, Vice President of Security at SolarWinds, gives us an insider view of the 2020 cyberattack in which attackers slipped malicious code into the company's popular network management software, Orion. He shares how his team worked tirelessly to resolve the breach, and how the incident has drawn attention to software supply chain security and helped strengthen the whole security industry.
    Topics discussed:
    • Tim’s perspective on how security maturity depends on the maturity of the engineering and development process
    • How the SolarWinds team handled the 2020 breach
    • The importance of creating SBOMs for every application and learning to use that data to protect against security vulnerabilities
    • Tim’s advice for security leaders working with a supply chain
    • What supply chain security will look like in the next few years
    Links:
    • SolarWinds hack explained: Everything you need to know
    • SolarWinds breach: Lessons Learned & Practical steps

    • 34 min
    EP 16 — Mukund Sarma: How Chime Built a Scalable Product Security Program

    Chime, one of the fastest growing players in the financial technology space, has a mission of providing financial stability for its customers by eliminating many of the issues that come with traditional banking.
    In today’s episode, Mukund Sarma, Director of Product Security at Chime, shares how he helps his team address the challenges of building security programs and maintaining a solid, proactive security culture within the company.
    Topics discussed:
    • How Mukund got started in cybersecurity
    • His experience building application security programs for FinTech companies
    • Different approaches to risk mitigation in FinTech, product security, and application security
    • What product security is and how its definition differs from company to company
    • What skill set Mukund looks for when hiring engineering and security teams
    • How Chime’s internal Rails application, Monocle, helps the team make strategic engineering and security decisions
    • Why Mukund opted for a gamified approach to the team’s security processes
    • Why Mukund’s team decided to integrate GitHub badges into Monocle

    • 36 min
    EP 15 — Tejpal Garhwal: How Pegasystems Scales AppSec

    Pegasystems’ Pega Platform is a powerful low-code platform for AI-powered decisioning and workflow automation. The platform makes it easier for enterprises to work smarter, unify experiences, and adapt quickly. As a publicly traded company with a multi-billion dollar market cap, more than 6,000 employees, and a global customer base, security is critical to the success of the company.
    In this episode of the Future of Application Security podcast, Harshil speaks to Pegasystems’ Director of Application Security, Tejpal Garhwal, to learn how Pega approaches AppSec. With a strong software development background and deep expertise in application security, Tejpal has spent his career managing multiple security and development teams and setting the direction for information security application architecture, policy, and processes within the organization.
    Topics discussed:
    • Tejpal’s career transition from software development to application security
    • Tejpal’s 30-60-90 day strategy for strengthening and standardizing security processes and building a secure SDLC
    • The benefits of shifting left and developing a good security culture mindset
    • Managing and optimizing an application security operation at large scale
    • How Tejpal encourages collaboration between the security and development teams
    • Using security gates, guardrails, and similar controls to ensure code integrity
    • Tejpal’s thoughts on the future of application security

    • 33 min
    EP 14 — Mark Stanislav: How FullStory Continuously Measures and Improves Its Product Security Maturity

    FullStory’s mission is to equip organizations with the information they need to deliver perfect digital experiences. To deliver on that mission, its platform captures customer experience data by understanding browser interactions. To capture that data, it must run in the end user’s browser, which requires a high level of customer trust.
    To ensure its service is delivered securely and that trust is maintained, the company has devoted significant resources to developing a robust Product Security Program.
    On today’s episode of the Future of Application Security, Harshil speaks with FullStory’s VP of Product Security and Compliance, Mark Stanislav, to learn more about how the company has approached building and scaling its Product Security Program.
    Topics discussed:
    • How Mark defines Product Security
    • Why FullStory runs maturity models every quarter
    • How to use maturity models to demonstrate your Product Security Program’s progress and justify further investment
    • Why shifting left is critical for all teams looking to scale their Product Security Program
    • How FullStory built a culture of engineers who love security
    • What most get wrong about vulnerability and risk management
    • Why Product Security teams need to own triage and prioritization

    • 37 min
    EP 13 — Daniel Harvey: How to Shift from Application Security to Product Security

    The pace of software development has increased dramatically over the past ten years, and the traditional approach to application security has struggled to keep up. With modern development going from code to cloud within hours, manual security checks and code reviews run the risk of slowing down releases and creating more tension between developers and security teams.
    To reduce this friction, organizations are shifting from the traditional application security approach to a more modern one in which security policies and controls are embedded in developer workflows.
    To learn more about this shift, in today’s episode of the Future of Application Security, Harshil speaks to Daniel Harvey, an industry veteran with more than 13 years in AppSec. Most recently, Daniel was the Director of Product Security at InVision. Prior to InVision, Daniel worked on AppSec teams at organizations including Clayton Homes, Citi, Elavon, and Discovery.
    Topics discussed:
    • Daniel’s shift from application security to product security
    • The importance of building default security features into a product
    • How to make product security a business enabler
    • The key changes in the application security landscape
    • How to build the relationship between security and development, and how to find balance in collaboration
    • The need to map and tie code ownership to identity management systems

    • 28 min
    EP 12 — Rajat Bhargava: How Stripe Built a Highly Scalable AppSec Program

    Stripe is the most valuable private startup in the United States, with a market valuation of more than $95 billion. With more than 2 million customers spread across 46 countries and nearly 10,000 employees, the scale of Stripe is hard to fathom. To retain its position as the market leader, Stripe must continue to rapidly ship new products while at the same time ensuring those products are secure.
    To learn more about how Stripe has scaled its AppSec Program to keep up with the pace of development, in today’s episode Harshil speaks with Stripe’s Application Security Manager, Rajat Bhargava. Prior to joining Stripe in 2021, Rajat worked as a software engineer at Citi and Monsanto before transitioning to security, where he has worked on AppSec teams at companies including eBay, Walmart, Netflix, and Twitter.
    Topics discussed:
    • How to get developers engaged and interested in security (based on Rajat’s experience as a developer)
    • How Stripe uses context to help developers prioritize the vulnerabilities that actually matter
    • How secure-by-default settings and security guardrails make it easier for developers to ship without having to think too much about security
    • Three pieces of advice for up-and-coming AppSec professionals and leaders
    Resources mentioned:
    • Scaling Appsec at Netflix
    • Locomocosec.com

    • 28 min

Customer Reviews

5.0 out of 5
1 Rating

Halfas,

Fantastic!

Awesome podcast! Hot
