Artwork

Nội dung được cung cấp bởi Chris Lindsey. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Chris Lindsey hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !

Moving from Reactive to Proactive in your Application Security Program

27:48
 
Chia sẻ
 

Manage episode 442935920 series 3589650
Nội dung được cung cấp bởi Chris Lindsey. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Chris Lindsey hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.

In the episode "Reactive to Proactive" of the podcast Secrets of AppSec Champions, host Chris Lindsey engages with Shashank Balasubramanian, the Head of Application Security at Tripadvisor. Shashank has been managing the application security program at Tripadvisor for over four years, during which he has overseen the transition from a reactive to a proactive security approach. The conversation delves into the distinct characteristics of reactive vs. proactive security programs, highlighting the importance of integrating security measures early in the development process and fostering strong relationships between security teams and developers.
They discuss the significance of implementing the right security tools, such as Software Composition Analysis (SCA) tools, to address third-party vulnerabilities effectively and integrating these tools into the CI/CD pipeline. Shashank emphasizes the value of building a security-aware culture within the development teams through regular training and the establishment of a Security Champion program. These champions, who are trained in security best practices, help scale the security team's efforts by embedding themselves within various development teams, facilitating a proactive approach to security.
The episode also touches on the importance of executive engagement and effective communication regarding the security landscape. By providing detailed reports and metrics to executives, security teams can ensure there is a clear understanding of the program's ROI and reduce the likelihood of surprise incidents. This high-level visibility and proactive security posture ultimately lead to a more robust and efficient security program, enabling the organization to address vulnerabilities before they become significant issues. The conversation sheds light on practical strategies and tools that can help security professionals transition from reactive to proactive security measures, fostering a more secure and resilient organization.

| ❇️ Key Topics with Timestamps
00:00 The Reactive Approach to Building Software Programs
04:51 Empowering Proactive Vulnerability Management with Appsec Tools
06:48 Maximizing ROI by Installing Security Tools in CI/CD Pipeline
12:20 Optimizing Security-Team Communication for Program Success
14:05 Strategic Approach to Security Threats in Business
18:33 Engaging Developers in Security Through Champion Program
22:43 Preparing for Unexpected Challenges in the Industry
24:11 Prioritizing Open Source and Pen Testing
27:05 Appsec Champions: Valuable Tips for Success

For more amazing application security information, please visit the following LinkedIn communities:
https://www.linkedin.com/company/appsec-hive

Provided by Mend.io (https://mend.io)

  continue reading

12 tập

Artwork
iconChia sẻ
 
Manage episode 442935920 series 3589650
Nội dung được cung cấp bởi Chris Lindsey. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Chris Lindsey hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.

In the episode "Reactive to Proactive" of the podcast Secrets of AppSec Champions, host Chris Lindsey engages with Shashank Balasubramanian, the Head of Application Security at Tripadvisor. Shashank has been managing the application security program at Tripadvisor for over four years, during which he has overseen the transition from a reactive to a proactive security approach. The conversation delves into the distinct characteristics of reactive vs. proactive security programs, highlighting the importance of integrating security measures early in the development process and fostering strong relationships between security teams and developers.
They discuss the significance of implementing the right security tools, such as Software Composition Analysis (SCA) tools, to address third-party vulnerabilities effectively and integrating these tools into the CI/CD pipeline. Shashank emphasizes the value of building a security-aware culture within the development teams through regular training and the establishment of a Security Champion program. These champions, who are trained in security best practices, help scale the security team's efforts by embedding themselves within various development teams, facilitating a proactive approach to security.
The episode also touches on the importance of executive engagement and effective communication regarding the security landscape. By providing detailed reports and metrics to executives, security teams can ensure there is a clear understanding of the program's ROI and reduce the likelihood of surprise incidents. This high-level visibility and proactive security posture ultimately lead to a more robust and efficient security program, enabling the organization to address vulnerabilities before they become significant issues. The conversation sheds light on practical strategies and tools that can help security professionals transition from reactive to proactive security measures, fostering a more secure and resilient organization.

| ❇️ Key Topics with Timestamps
00:00 The Reactive Approach to Building Software Programs
04:51 Empowering Proactive Vulnerability Management with Appsec Tools
06:48 Maximizing ROI by Installing Security Tools in CI/CD Pipeline
12:20 Optimizing Security-Team Communication for Program Success
14:05 Strategic Approach to Security Threats in Business
18:33 Engaging Developers in Security Through Champion Program
22:43 Preparing for Unexpected Challenges in the Industry
24:11 Prioritizing Open Source and Pen Testing
27:05 Appsec Champions: Valuable Tips for Success

For more amazing application security information, please visit the following LinkedIn communities:
https://www.linkedin.com/company/appsec-hive

Provided by Mend.io (https://mend.io)

  continue reading

12 tập

Tất cả các tập

×
 
Loading …

Chào mừng bạn đến với Player FM!

Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.

 

Hướng dẫn sử dụng nhanh

Nghe chương trình này trong khi bạn khám phá
Nghe