25 episodes

Featuring guests from around the world and builders of some of the most exciting technologies on earth, join us as we explore the world of innovation and technology and what we need to do as engineers to keep it safe and secure.

Build Amazing Things (securely) Laura Bell Main

    • Technology
    • 5.0 • 1 Rating


    Building AppSec from Existing Practices with Andrew Wheatley (Tayko)

    In this episode of "Build Amazing Things Securely," host Laura Bell Main sits down with Andrew from Tayko. Andrew shares his journey from software development to application security, highlighting his burnout experience and subsequent career pivot. He discusses the importance of understanding and integrating into teams' existing processes, using techniques like Rose Bud Thorn for cultural and security growth. Andrew emphasizes learning from mistakes, the value of different perspectives in AppSec, and the future direction of the field.
    Key Points:
    - **Andrew's Background**: Transition from software development to a focus on data analytics and application security.
    - **Burnout and Recovery**: Andrew's experience with burnout and how it reshaped his career focus towards people and helping others.
    - **Integrating Security into Development**: Strategies for seamlessly integrating security measures into existing software development processes.
    - **Rose Bud Thorn Technique**: Utilizing this method for understanding team dynamics and improving security culture.
    - **Future of AppSec**: Andrew's insights into the evolving role of application security as a facilitator and enabler within development teams.

    Homework (Recommended Actions):
    - **Reflect on Team Processes**: Use the Rose Bud Thorn technique to identify areas of strength, growth, and challenges within your team.
    - **Learn from Mistakes**: Encourage a culture where making and learning from mistakes is valued.
    - **Adopt User-Centric Security**: Consider how security measures impact the end user and integrate them thoughtfully into your development process.
    - **Stay Informed**: Keep up with the evolving trends in application security to remain effective and relevant in your field.

    Relevant Links:
    - https://easyretro.io/templates/rose-bud-thorn/
    - https://tayko.io/
    - https://www.linkedin.com/in/andrew-wheatley-55247225/

    • 18 min
    Unveiling the Layers of Database Security with Dejan Milicic (RavenDB)

    Episode Summary: "Unveiling the Layers of Database Security"
    In this episode of "Build Amazing Things Securely," host Laura Bell Main engages in a fascinating conversation with Dejan from RavenDB. Broadcasting from Serbia, Dejan provides insightful perspectives on database security, the importance of encryption, and the nuances of building stable, secure database systems. The episode traverses various aspects of database management, emphasizing how ease of use and built-in security can revolutionize database interaction for developers.

    Key Points
    1. **The Evolution of RavenDB**: RavenDB's creation was driven by a desire to solve recurring issues in relational databases, aiming for a "boring" yet reliable database experience.
    2. **Security by Design**: Emphasizes the concept of 'Secure by Default,' ensuring the database is secure upon setup and requires conscious effort to make it less secure.
    3. **Encryption Challenges**: Discusses the complexities and considerations in database encryption, including performance impacts and the necessity of securing backups.
    4. **Pragmatic Database Choices**: Advises on choosing database technologies suited to specific needs, urging a balance between innovation and practical application.
    5. **Transparency and Usability in Security**: Stresses making security features user-friendly to encourage their widespread adoption.

    Links and Resources
    - RavenDB Website: Explore more about RavenDB at [RavenDB.net](https://ravendb.net)
    - GitHub Discussions: Engage with the RavenDB community and find Dan on GitHub discussions for RavenDB.

    Homework
    - **Identify Your HIPPO**: Reflect on your own decision-making processes in software development. Recognize personal biases and opinions that might influence your choices.
    - **Explore RavenDB**: Visit RavenDB's website and GitHub discussions to understand more about their database solutions and community insights.
    - **Engage with the Podcast**: Subscribe to the podcast, share comments, and suggest potential guests or technologies that you’d like to see featured in future episodes.
    - **Security Consciousness**: In your projects, assess how security is integrated. Aim for solutions that are secure by design and default, and consider the impact of every step in your operational procedures.

    • 25 min
    How to Build Trust in Tech: Integrating Human Presence with Secure Innovation with Anthony Maley (Vouch.io)

    Episode Summary
    In this episode of "Build Amazing Things Securely," host Laura Bell Main interviews Anthony Maley from vouch.io. They delve into Anthony's background, his journey from the UK to Belgium, and eventually to the US, as well as the innovative and secure solutions offered by vouch.io. Anthony discusses the challenges and advancements in creating offline-first, shareable security frameworks, emphasizing the need for human presence in increasingly autonomous technological landscapes.

    Key Points
    1. **Anthony Maley's Background**: Co-founder and CEO of vouch.io, Anthony shares his journey from the UK to Belgium and the US, his musical hobbies, and his professional experience in leading tech roles.
    2. **vouch.io's Mission**: They focus on establishing human presence in autonomous technology, ensuring secure and offline verifiable transactions.
    3. **Technology Overview**: vouch.io's product endorses existing identities using biometrics and blockchain, enabling offline, secure transactions and ownership assertions in various industries, including automotive and financial services.
    4. **Security and Privacy**: The discussion covers the importance of data privacy, the avoidance of data centralization, and the ways vouch.io ensures user security.
    5. **Potential and Challenges**: They explore the vast potential of vouch.io's technology in multiple sectors and the balance between innovation and privacy concerns.

    Links and Resources
    - vouch.io website: https://www.vouch.io
    - Strange Loop Conference, St. Louis: https://www.thestrangeloop.com

    Homework
    - Visit vouch.io for more information on the technology and its applications.
    - Engage with the podcast through likes, subscribes, and comments.
    - Suggest potential guests or technologies that are making significant impacts across various fields.

    Additional Notes
    Listeners are encouraged to explore how the intersection of technology and security is evolving and to consider the implications of these advancements in their professional and personal lives.

    • 24 min
    Demystifying DevSecOps: Insights and Strategies with Tanya Janca (Semgrep)

    Episode Summary
    In this episode of "Build Amazing Things Securely," host Laura Bell Main interviews Tanya Janca, a prominent figure in the DevSecOps community. Tanya shares insights from her journey in software development to security, emphasizing the importance of secure software. She discusses common pitfalls in DevSecOps and shares lessons from her extensive experience consulting with over 400 companies.

    Key Points
    - **Tanya Janca's Background**: Transition from a software developer to a security professional, now working at Semgrep and focusing on community engagement and training.
    - **Common DevSecOps Mistakes**: Breaking builds on false positives, neglecting security in the SDLC, and the lack of sharing mistakes within the industry.
    - **Approach to Security**: Emphasizing practical and incremental approaches to implementing security tools and processes in the development lifecycle.
    - **Importance of Sharing Mistakes**: Advocating for openness about security failures to learn and improve collectively in the industry.
    - **Recommendations for Teams**: Start with security training relevant to job roles and gradually integrate security practices throughout the development lifecycle.

    Links and Resources
    - Tanya Janca's Blog and Newsletter: SheHacksPurple
    - Semgrep: Website
    - Ayaan's Research: Phone-a-Friend Security Consulting
    - One Hour AppSec Program: onehourappsec.com

    Homework
    - **Evaluate Security Tools**: Assess if they are configured correctly and not just breaking builds on false positives.
    - **Improve SDLC Security**: Incorporate security practices throughout the development lifecycle, not just in the coding phase.
    - **Foster Openness About Mistakes**: Share lessons learned from security failures within your organization to foster collective learning.

    • 27 min
    How to Secure Trust and Embrace Sustainability with Joey Stanford (Platform.sh)

    Episode Summary
    In this episode of "Build Amazing Things Securely," host Laura Bell Main speaks with Joey Stanford, Vice President of Data Privacy and Compliance at Platform.sh. Joey shares his journey from starting as the only person in his role to leading a substantial team focused on privacy and compliance. He emphasizes the importance of building trust with customers and how this aligns with the company's values, including their commitment to environmental sustainability and being good custodians of customer data.

    Key Points
    - **Joey Stanford's Background**: From starting as a solo practitioner in privacy and security to leading a large team.
    - **Platform.sh**: A cloud-hosting platform offering a fully automated DevOps environment, with a focus on efficiency, performance, and reducing carbon footprint.
    - **Approach to Privacy and Compliance**: Adopting a GDPR-everywhere model, applying GDPR standards globally, and undergoing third-party certifications to build customer trust.
    - **Sustainability in Tech**: Linking security and privacy with sustainability, and the company's initiatives towards environmental friendliness.
    - **Building Trust with Customers**: Emphasizing the importance of being trustworthy and transparent and how this impacts customer relationships and business success.

    Links and Resources
    - Platform.sh: Website
    - GDPR (General Data Protection Regulation): Information
    - Ecovadis: Sustainability Rating
    - Greenly: Environmental Certification
    - Forrester TEI Report: Resource

    Homework
    - **Adopt a Comprehensive Privacy Framework**: Like GDPR, and apply it across all operations, regardless of the region.
    - **Focus on Building Trust**: Prioritize customer trust in your product and company through transparency and compliance.
    - **Consider Environmental Impact**: Align security and privacy practices with environmental sustainability.

    • 27 min
    How to use infrastructure automation to improve Security, Velocity and Stability with Ben Goodman (DragonDrop)

    Episode Summary
    In this episode of "Build Amazing Things Securely," host Laura Bell Main talks with Ben Goodman, founder and CEO of DragonDrop Cloud and the maintainer of Cloud Concierge. Ben discusses his journey from an economics and computer science background to becoming a tech entrepreneur. He shares insights into the importance of automating developer best practices using infrastructure as code tools like Terraform, highlighting the benefits for security, cost, and operational efficiency.

    Key Points
    - **Ben's Background**: Transition from economics and data science to technology and entrepreneurship.
    - **Automation of Infrastructure as Code**: Focusing on solving manual tasks in cloud infrastructure using Terraform.
    - **DragonDrop Cloud**: Developing a solution to identify and manage changes in cloud infrastructure outside of the infrastructure as code workflow.
    - **Challenges in Cloud Security**: Discussing the risks of manual changes in cloud environments and the importance of consistent infrastructure management.
    - **The Future of Infrastructure as Code**: Looking at proactive scanning and CI/CD pipeline integration for cloud deployment.

    Links and Resources
    - DragonDrop Cloud: Visit the Website
    - Cloud Concierge: GitHub Repository
    - DevOps Days Buffalo: Conference Information

    Homework
    - **Embrace Infrastructure as Code**: Start using tools like Terraform to manage your cloud infrastructure for better security and efficiency.
    - **Monitor Cloud Changes**: Be vigilant about unauthorized or manual changes in your cloud environment to maintain security and cost control.
    - **Contribute to Open Source**: Engage with projects like Cloud Concierge to understand and improve cloud infrastructure management practices.

    • 21 min
