Spencer Koch - Scale Your Threat Modeling Beyond STRIDE and Data Flow Diagrams

Today we are joined by Spencer Koch, Offensive Security Professional at Reddit, to talk about threat modeling and the issues with scaling the traditional processes. These days, we don’t have enough security practitioners to perform threat modeling on every system. In many cases, there is also an emphasis on trying to achieve perfection instead of doing what’s “good enough.”  In this episode, we delve into how shifting toward a more democratized and decentralized approach that allows more people to get involved.

Leaders in Product Security - Timo Skytta

Leaders in Product Security: In the tenth episode of this series, we are joined by Timo Skytta, Managing Director, Head of Advisory (Security) at Goldman Sachs, to talk about his experience with workload, priority management, and automation. We will delve into what problem their company was trying to solve, the challenges they ran into, unexpected pushback from the stakeholders, and how they aligned goals to overcome these challenges.

Leaders in Product Security - David Lenoe

Leaders in Product Security: In the ninth episode of this series, we are joined by David Lenoe, Director, Secure Software Engineering at Adobe, to talk about product security and its evolution at Adobe. David will also share his insights on working with engineering teams, the importance of security champions, and why compliance is not necessarily a barrier to security.

Leaders in Product Security - Matthew Bohne

Leaders in Product Security: In the eighth episode of this series, we are joined by Matthew Bohne, Vice President and Chief Product Security Officer for Honeywell Corporation, to talk about the unique challenges of running a security program at a global scale. Drawing on his experience in leading one of the largest product security teams globally, he shares his thoughts on emerging regulatory standards that can impact product security. We will also talk about the value of the ISA/IEC 62443 standard for IOT & IIOT devices, and how other industries are taking product security more seriously now.

Leaders in Product Security - Sudharma Thikkavarapu

Leaders in Product Security: In the seventh episode of this series, we are joined by Sudharma Thikkavarapu to talk about product, application, and cloud security. He shares his perspectives on software-defined infrastructures and how it impacts the way we think about security. He also throws light on what it takes to make product security successful, including how to evolve security thinking to keep engineering engaged.

Leaders in Product Security - Khaja Ahmed

Leaders in Product Security: In the sixth episode of this series, we are joined by Khaja Ahmed, Sr. VP, Product and Application Security at SAP, who shares his unique insights from working in the cloud security space with companies like Amazon, Microsoft, and Google. We will talk about the impact of reporting structure on product security, differences between start-ups and enterprises, and how product security will evolve in the future.

Episode Notes:

Building Secure & Reliable Systems

Leaders in Product Security - Janne Uusilehto

Leaders in Product Security: In the fifth episode of this series, we are joined by Janne Uusilehto, Lead Privacy PgM at Google, to gain insights into product security as he shares his experiences from the early days of mobile device security. We will also discuss how product security has evolved over the years and the progress being made by organizations with the changes in this space.

John Weigelt - Check Your Security Biases When Deploying IoT and Hardware

Today we are joined by John Weigelt, Lead for Microsoft Canada’s Strategic Policy and Technology Efforts, to talk about IoT and Hardware Security from a security executive’s perspective. We will start by looking at the context of IoT and hardware products and the importance of not getting biased toward an exclusively desktop computing frame of reference. We will then discuss how security teams can help with creating awareness. We will conclude by talking about emerging trends around zero trust and security enclaves to address hardware security concerns.

Leaders in Product Security - Jason Christman

Leaders in Product Security: In the fourth episode of this series, we are joined by Jason Christman, VP, Chief Product Security Officer at Johnson Controls. Jason is a recognized champion of the Chief Product Security Officer (CPSO) role. In this podcast we discuss the role and its core responsibilities, top priorities, and compare the role with the Chief Information Security Officer (CISO). We also talk about product security as it relates to competitiveness, unique considerations for industrial controls, and future changes to product security.

#cybersecurity #podcast 

Leaders in Product Security - Laksh Raghavan

Leaders in Product Security: In the third episode of this series, we are joined by Laksh Raghavan, Head of Product, Platform and Enterprise Security at LinkedIn,he explains how cross-disciplinary thinking — specifically behavioral science and systems thinking are critical to driving success in product security. Laksh also shares how he has successfully driven developer buy-in for security, and how we must focus on dissolution and dis-continuous improvements to completely eliminate many of the complex and chronic problems in Information Security. 

#cybersecurity #podcast 

You can connect with Laksh on Twitter @laraghavan.

Show Notes:

How Wolves Change Rivers : https://www.youtube.com/watch?v=ysa5OBhXz-Q

Heartwarming Video: https://www.linkedin.com/posts/ugcPost-6759141809772863488-HtKs and the quote from Anil Dash.