DevSecOps Data With Alanna Brown, Gareth Rushgrove, And Alyssa Miller

09/04/20 • 44 min

On The Secure Developer, we often hear a lot of opinions and experiences from people who are working in development, so today we’re turning to the data, to figure out what works and what doesn’t in the world of DevOps and SecDevOps. Joining us for a panel discussion on the topic is Alanna Brown, Senior Marketing Director at Puppet and mastermind behind the State of DevOps Report, Gareth Rushgrove, Product Director at Snyk and curator of Devops Weekly, and Alyssa Miller, Application Security Advocate, also at Synk. In this show, we get a lay of the land and take a look at the state of where things stand. In this section of the discussion, we hear about vulnerabilities and the mixed bag of data that our panelists have seen around remediation. While there are some positive developments in the space, there are also some areas, like on the container side, where there is great room for improvement. The conversation then moves to security practices and which security controls are effectively deployed and which are not. We gain great insights into the role that integration plays in the efficacy of controls. While it’s not all sunshine and roses, there are encouraging shifts happening around security thinking. From there, we move onto talking about infrastructure as code security and shared responsibility. Again, the panelists present their varied data findings, which paints an interesting picture. Finally, we wrap the show up with consolidating the discussion, where the panelists highlight what they think is key going forward. To hear more from this fascinating, data-rich discussion, tune in today!

Follow Us

Follow Us

Previous Episode

Leveling Up Security In Big Organizations With Geoff Kershner

Bringing large organizations in line with modern security practices can be a tricky task, especially when they don’t understand how valuable security is to the business and your customers. Today we speak with Geoff Kershner, Chief Security Officer at Medallia, who brings 25 years of experience to bear on leveling up the security of big organizations. After sharing highlights from his career, Geoff talks about the shift from consulting to running Medallia’s security team. We then dive into what their security team looks like and Geoff explains his security philosophy. We discuss how Geoff integrates security into Medallia’s engineering teams through security champion programs and the benefit that upskilling their security practices has for employees. Considering the often hybrid nature of their work, Geoff details how Medallia’s security champions function both workflow-wise and in terms of their role expectations. Focusing on more specifics, we ask Geoff what he looks for in new hires, how his security and developer teams work together, and how product and cloud security are managed. We also touch on how Geoff evaluates security tools and how leveling up security requires being able to adapt your security message to bring your organization along with you, instead of combating them. With a treasure trove of experience, our discussion with Geoff is filled with insights. Tune in to hear more about growing security within big organizations.

Follow Us

Next Episode

New Playbooks For Security With Lucas Moody

Today’s guest is Lucas Moody, Head of Security Innovation and Operations at Rubrik, here to talk about what being forward-thinking about security in 2020 looks like. We open with Lucas sketching out his impressive career in Silicon Valley and how his role as the first CISO at Palo Alto Networks is informing his current work at Rubrik. Here we explore what it means to work on security as far as operations and product innovation too, and Lucas compares his experience doing this at Palo Alto, a security company first, versus at Rubrik which is more focused on data management, resiliency and recovery, and backup. From there, we move onto the topic of how the shift to cloud and SaaS has changed tech companies and is leading to exciting evolutions in the roles of CIOs, CSOs, and CISOs. Shifting to the idea of security DNA, we discuss how firms should think about security as part of their day to day operations with Lucas next. Before closing, we talk about how the pandemic affected the security strategy at Rubrik, and Lucas details some of the major shifts they made away from infrastructure-related projects to things like identity and access so that security work could still effectively be done remotely. Finally, Lucas shares a few top tips for how firms can level up their security foo as far as throwing old playbooks out and having an independent red team. Be sure to tune in!

Follow Us