Episodes

  • In this episode, Clint interviews Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub. They discuss the importance of balancing engineering and security, and how GitHub focuses on building secure defaults. Mike also shares how GitHub uses AI internally, including the use of GitHub Copilot for code generation and other AI capabilities in their product features. They explore the potential impact of AI on cybersecurity and the need for organizations to embrace AI to enhance productivity and security. The conversation explores the potential of AI in developer tools and its impact on security. It emphasizes the importance of human oversight and the need to address legacy code and infrastructure. The future of shifting left and the role of AI in security education are also discussed. The conversation concludes with a discussion on AI's potential in code refactoring and the future of cybersecurity and development.

    Takeaways

    - Balancing engineering and security is crucial for effective and secure software development.
    - Building secure defaults and embedding security in the development process can lead to better security outcomes.
    - AI can be used to enhance productivity and security in software development, such as with GitHub Copilot.
    - AI has the potential to transform workflows in areas like incident response and code scanning.
    - AI has tremendous potential in developer tools and is still in the early stages of development.
    - AI can improve security practices but should not replace human oversight and traditional security measures.
    - The future of shifting left involves integrating security practices earlier in the development process.
    - Fine-tuning AI for custom use cases and addressing legacy code and infrastructure are important challenges.
    - AI can play a significant role in security education and code refactoring.
    - The future of cybersecurity and development will involve a combination of AI and human expertise.

    Chapters

    00:00 Introduction and Background

    03:15 Balancing Engineering and Security

    08:10 Building Secure Defaults

    13:41 The Role of AI at GitHub

    25:19 AI Applications in Security

    32:02 Impact of GitHub Copilot

    32:30 The Potential of AI in Developer Tools

    34:04 The Impact of AI on Security

    36:18 The Importance of Human Oversight

    39:09 The Future of Shifting Left

    40:21 Fine-Tuning AI for Custom Use Cases

    41:36 Addressing Legacy Code and Infrastructure

    43:20 The Need for AI in Security

    45:32 The Role of AI in Security Education

    46:42 AI's Potential in Code Refactoring

    50:03 The Future of Cybersecurity and Development

  • In this episode, Clint and Rob Wood, Chief Information Security Officer at the Centers for Medicare and Medicaid Services (CMS), discuss scaling and managing security at a massive scale in a government setting. They explore the challenges of working with vendors, incentivizing behavior, and building centralized platforms and data ingestion pipelines.

    Chapters

    00:00 Introduction and Scaling Security at Massive Scale

    09:13 Context and Incentives in Government

    19:19 Incentivizing Behavior and Initiatives

    38:50 Building a Centralized Platform as a Service

    47:23 Data Ingestion Pipeline and Security Data Lake

    57:27 Onboarding Data Sources and Teams

    58:26 Moving Away from Legacy Infrastructure

    59:25 Focus and Clean Pipelines

    01:00:21 Making Security a People-Aligned Function


  • In this next episode of the #modernsecuritypodcast, Clint and Letty Lourenco discuss the importance of user experience in security and how to create secure and user-friendly products. They explore the concept of secure by default and the need for secure defaults and self-service options. The conversation concludes with advice on educating and onboarding users, making security usable, and collecting user feedback.

    Takeaways

    - User experience is crucial in security, and products should be designed with secure defaults and self-service options.
    - Building a cross-functional security team that includes both security experts and developers can help create robust and user-friendly security solutions.
    - Applying product principles, such as secure by default and actionable guidance, can enhance the user experience in security.
    - Leveraging established design patterns and information architecture can help create effective and reusable self-service patterns in security.
    - Effective communication and clear instructions are crucial in security to ensure users understand what actions to take.
    - Just-in-time guidance can enhance the user experience by providing relevant instructions in the context of the task at hand.
    - Learning from other industries and their guidance patterns can help improve security communication and design.
    - The user experience design process involves collaboration, research, testing, and iterative feedback to create effective and usable security solutions.
    - Educating and onboarding users from the beginning helps establish security practices and make security a priority.
    - Making security usable for users requires removing complexity and using language and analogies that resonate with them.
    - Collecting user feedback and listening to users' needs and concerns is essential for improving security solutions.

    Chapters

    00:00 - Secure by Default

    04:12 - Building a Cross-Functional Security Team

    11:20 - User Experience in Security

    24:10 - Security-Flavored User Experience Strategies and Examples

    45:38 - Applying Right Size Privilege Principle

    50:02 - Creating an Effective and Reusable Self-Service Pattern

    53:54 - Effective Communication and Clear Instructions

    57:22 - Just-in-Time Guidance

    59:14 - Learning from Other Industries

    01:03:02 - User Experience Design Process

    01:09:31 - Iterative Feedback and Design Review

    01:12:23 - Educating and Onboarding Users

    01:13:51 - Making Security Usable for Users

    01:15:19 - Abstracting Complexity and Collecting User Feedback

  • In this episode of the Modern Security Podcast we were joined by Jamie Finnigan, Director of Product Security @HashiCorp, and discussed how the security team prioritizes their time, rolling out developer-friendly security tooling, and much more.

    2:08 - Intro to Jamie Finnigan

    7:41 - The Product Security Org at HashiCorp

    11:27 - How do you determine what to focus on?

    16:40 - What does success look like for security at HashiCorp

    20:50 - The difference between outputs and outcomes

    25:52 - The Creation of Bandit

    30:37 - HashiCorp Product Security Model

    34:14 - Developer-Friendly Security Tooling

    39:56 - Tool selection

    46:09 - Eliminating SSRF via Secure Defaults

    53:22 - Overview of the Secure Defaults Approach

    59:16 - Empathy in Security

  • In this episode of the Modern Security Podcast, we interviewed John Steven about scaling security teams and implementing a secure by default culture.

    6:23 - Intro to John Steven

    9:28 - Interesting efforts with AppSec & ProdSec to scale security

    10:20 - How to embrace secure defaults

    24:01 - Threat Modeling problems

    43:02 - Secure Control Efficacy Pyramid

    58:50 - Overcoming secure default friction

    1:04:12 - Advice for CISOs and startups

  • For our first episode of The Modern Security Podcast, we had a wide ranging conversation with Dev Akhawe, Head of Security at Figma, on:

    3:50 - The rise of security *engineering*

    22:42 - Career advice

    29:08 - How secure defaults can scale your security team's effectiveness by eliminating whole classes of vulnerabilities, and how to embrace them at your company

    38:41 - What makes a security tool great

    1:01:25 - How to automatically get continuous visibility into the code your company is writing and scale just-in-time developer education

    #modernsecuritypodcast