Let's Talk AppSecOps

ArmorCode
Let's Talk AppSecOps

Agile DevOps, Cloud Deployment, Microservices, and Open Source have all dramatically accelerated application delivery and complexity. Today’s AppSec teams, outnumbered by as much as 100:1 by developers, depend on a collection of point security products and siloed manual processes. This leaves them struggling to gain the visibility, insight, and process scale they need to identify and protect the always changing and growing application risk surface.   This resulting AppSec Chaos means applications ship fast without the assurance of shipping securely, leaving the organization at risk of breaches and losses. Welcome to the Let's Talk AppSecOps show, where we bring discussions with security thought leaders and practitioners and software development minds from leading enterprises to talk about their concerns, case studies, and best practices in operationalizing application security.  This show is hosted by ArmorCode experts. It talks about how security and development teams can work together and implement practical security measures. Mark Lambert is a AppSecOps Evangelist and VP of Products at ArmorCode, breaking down the communication barrier between Developers and Security experts to help organizations adopt and scale security practices within their development teams. Mark is passionate about applying technology innovations to solving real world business problems. For the last 20 years, he has been working with the world's leading brands to streamline the delivery of secure, reliable and compliant software applications across Enterprise IT and Embedded/IoT markets.Mark has been invited to speak at numerous industry events, and been published in industry media. Luis is a Senior Solutions Engineer at ArmorCode and he comes from a background that includes names big and small. His technical skills have been forged in the fires of prospects and clients alike. Luis's diverse skill set includes the ability to explain technology to non-technical audiences, set up a “pizza box” in a freezer, cook a perfect elk steak over a mesquite-fueled grill, and spend late nights in a war-room!   His plethora of application security skills and ability to social engineer the feathers off an owl, serves him well as our Senior Solutions Engineer! Nikhil Gupta is co-founder and CEO of ArmorCode. He is a successful serial entrepreneur with more than 25 years of experience. Prior to founding ArmorCode, Nikhil was CEO and Co-founder of Avid Secure which was acquired by Sophos. Avid Secure built a marketing-led AI-powered multi-cloud security and compliance platform. Nikhil has held several leadership positions in VMWare, Cisco, ForeScout, Ericsson (joined through the acquisition of Entrisphere), Alcatel, And Bell Labs. Nikhil holds an MBA from Columbia Business School and BS and MS in Computer Science.  LingRaj Patil is the Head of Marketing at ArmorCode and a renowned speaker and business growth leader with 20+ years of experience spanning engineering and marketing in Seed, Series A/B/C/D, Unicorn, and Fortune 500 companies. He is a guest speaker on Marketing and Entrepreneurial Strategy at Stanford University. He has a passion for building communities that bring thought leaders and practitioners together to rally around the challenges and opportunities they present. He is also the Executive Chair of the Purple Book Community, a community of software security leaders who are on a mission to build more secure software.   Let this show be your guide to hearing inspiring stories of leaders building secure software against odds, hearing insightful case studies, and getting to know more about the leaders who make it all happen. With the software demand increasing nonstop, now is the right time to tune in.   Find show episodes at www.armorcode.com/lets-talk-appsecops.

Episodes

  1. 10/27/2022

    Factors in Prioritization

    Prioritizing threat/vulnerability findings takes thought, a satellite cam, and a microscope if you don't have an AppSecOps platform at work. There's a lot to consider: criticality variance across tools (they don't come normalized out of the box), threat intelligence on CVEs, and tool/technique weight factors, for starters. A major concept is the context around the app/sub-app/module associated with a finding. The software's dependencies, environment, provenance, and the sensitivity of its data are just a few values that affect priority. That context dictates resource alignment, while risk scoring influences specific tactical activities thereafter. About ArmorCode We develop, sell, and deliver the world’s first and leading AppSecOps platform to our customers, along with the expertise, support and community they need to ship secure software and ship it fast. The ArmorCode platform brings together powerful AppSec Posture, Vulnerability, and Compliance Management with DevSecOps workflow automation. _____________________________________________________ Follow us www.armorcode.com LinkedIn: https://www.linkedin.com/armorcode Twitter: https://twitter.com/code_armor _____________________________________________________ About AppSecOps What is AppSecOps? https://www.armorcode.com/what-is-appsecops The State of AppSecOps Report: https://www.armorcode.com/state-of-appsecops-2022 AppSecOps Research from Enterprise Strategy Group: https://www.armorcode.com/esg-appsecops-showcase

    6 min
  2. 10/06/2022

    Short Release Cycles: Pros & Cons

    A short release cycle has myriad benefits: faster delivery to market for new functionalities, and swiftly-improving accuracy toward goals (what we call Agile) chief among them. And from a security perspective, a quick reaction time to zero-day threats thanks to a well-oiled assembly line is invaluable. But, of course, there are drawbacks: like a lack of cohesion and communication between security and dev teams, and unequal pressure on AppSec to quicken their side of SLAs. As Luis points out, we discovered in our State of AppSecOps Report that the ship cycle sweet spot is 1-2 weeks (most often 2), wherein security can be effectively balanced with engineering initiatives. About ArmorCode We develop, sell, and deliver the world’s first and leading AppSecOps platform to our customers, along with the expertise, support and community they need to ship secure software and ship it fast. The ArmorCode platform brings together powerful AppSec Posture, Vulnerability, and Compliance Management with DevSecOps workflow automation. _____________________________________________________ Follow us www.armorcode.com LinkedIn: https://www.linkedin.com/armorcode Twitter: https://twitter.com/code_armor _____________________________________________________ About AppSecOps What is AppSecOps? https://www.armorcode.com/what-is-appsecops The State of AppSecOps Report: https://www.armorcode.com/state-of-appsecops-2022 AppSecOps Research from Enterprise Strategy Group: https://www.armorcode.com/esg-appsecops-showcase

    9 min
  3. 10/06/2022

    The SBOM Movement

    The SBOM Movement has gained huge attention in just half a year. Whether as an external dependency of a developing product or a mission-critical tech stack component, inbound software has provenance (and often, vulnerabilities) that need to be reported for security downstream. US and foreign government support, as well as executive action, have done so much to stir awareness of these supporting docs. Many are ready to embrace it as standard—but 2/3ʳᵈˢ or more organizations still are unaware of new SBOM mandates. Luis Guzmán explains why the future for SBOMs is bright but still has ways to go before reaching mass supply chain adoption. About ArmorCode We develop, sell, and deliver the world’s first and leading AppSecOps platform to our customers, along with the expertise, support and community they need to ship secure software and ship it fast. The ArmorCode platform brings together powerful AppSec Posture, Vulnerability, and Compliance Management with DevSecOps workflow automation. _____________________________________________________ Follow us www.armorcode.com LinkedIn: https://www.linkedin.com/armorcode Twitter: https://twitter.com/code_armor _____________________________________________________ About AppSecOps What is AppSecOps? https://www.armorcode.com/what-is-appsecops The State of AppSecOps Report: https://www.armorcode.com/state-of-appsecops-2022 AppSecOps Research from Enterprise Strategy Group: https://www.armorcode.com/esg-appsecops-showcase

    5 min

About

Agile DevOps, Cloud Deployment, Microservices, and Open Source have all dramatically accelerated application delivery and complexity. Today’s AppSec teams, outnumbered by as much as 100:1 by developers, depend on a collection of point security products and siloed manual processes. This leaves them struggling to gain the visibility, insight, and process scale they need to identify and protect the always changing and growing application risk surface.   This resulting AppSec Chaos means applications ship fast without the assurance of shipping securely, leaving the organization at risk of breaches and losses. Welcome to the Let's Talk AppSecOps show, where we bring discussions with security thought leaders and practitioners and software development minds from leading enterprises to talk about their concerns, case studies, and best practices in operationalizing application security.  This show is hosted by ArmorCode experts. It talks about how security and development teams can work together and implement practical security measures. Mark Lambert is a AppSecOps Evangelist and VP of Products at ArmorCode, breaking down the communication barrier between Developers and Security experts to help organizations adopt and scale security practices within their development teams. Mark is passionate about applying technology innovations to solving real world business problems. For the last 20 years, he has been working with the world's leading brands to streamline the delivery of secure, reliable and compliant software applications across Enterprise IT and Embedded/IoT markets.Mark has been invited to speak at numerous industry events, and been published in industry media. Luis is a Senior Solutions Engineer at ArmorCode and he comes from a background that includes names big and small. His technical skills have been forged in the fires of prospects and clients alike. Luis's diverse skill set includes the ability to explain technology to non-technical audiences, set up a “pizza box” in a freezer, cook a perfect elk steak over a mesquite-fueled grill, and spend late nights in a war-room!   His plethora of application security skills and ability to social engineer the feathers off an owl, serves him well as our Senior Solutions Engineer! Nikhil Gupta is co-founder and CEO of ArmorCode. He is a successful serial entrepreneur with more than 25 years of experience. Prior to founding ArmorCode, Nikhil was CEO and Co-founder of Avid Secure which was acquired by Sophos. Avid Secure built a marketing-led AI-powered multi-cloud security and compliance platform. Nikhil has held several leadership positions in VMWare, Cisco, ForeScout, Ericsson (joined through the acquisition of Entrisphere), Alcatel, And Bell Labs. Nikhil holds an MBA from Columbia Business School and BS and MS in Computer Science.  LingRaj Patil is the Head of Marketing at ArmorCode and a renowned speaker and business growth leader with 20+ years of experience spanning engineering and marketing in Seed, Series A/B/C/D, Unicorn, and Fortune 500 companies. He is a guest speaker on Marketing and Entrepreneurial Strategy at Stanford University. He has a passion for building communities that bring thought leaders and practitioners together to rally around the challenges and opportunities they present. He is also the Executive Chair of the Purple Book Community, a community of software security leaders who are on a mission to build more secure software.   Let this show be your guide to hearing inspiring stories of leaders building secure software against odds, hearing insightful case studies, and getting to know more about the leaders who make it all happen. With the software demand increasing nonstop, now is the right time to tune in.   Find show episodes at www.armorcode.com/lets-talk-appsecops.

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes, and get the latest updates.

Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada