The Balancing Act by Security Compass
Leaders in Product Security - Clay Carter

September 17, 2021

In this episode, Clay Carter talks about product security in our critical infrastructure, specifically water! Clay discusses the unique challenges and opportunities of product security in the water industry, the intersection with business partners like safety, the importance of domain expertise, and the effect of seeing the products you help secure impact your day-to-day life.

Malu Septien Milan - Aligning Security to Business Value

August 30, 2021

Today we are joined by Malu Septien Milan, President of Cryptopon, to talk about tying security to business value. We will start by explaining the gap between security and business expectations. This has an impact on how security teams scale as they become increasingly relevant in business operational risk where DevOps is driving “continuous everything”. We will then round off the discussion by turning to the business side to consider what they can do to help close the gap. In an era where going digital is a top priority, closing the security-business gap is crucial to balancing security with operational risk.

Jack Freund - Aligning Cyber Security Risk With Business Value

July 23, 2021

Today we are joined by Jack Freund, Head of Cyber Risk Methodology at VisibleRisk, to talk about cyber security risk and business value. We will start by discussing the gap between cyber security and business value. In bridging these two domains, we eventually need to consider different risk models. We will discuss cyber security risk modeling approaches and challenges. We will then conclude by looking at where cyber security risk modeling is going over the next 18 to 24 months. This discussion will serve both security and risk practitioners who focus on threat modeling or risk assessments and want to understand how their efforts can align with the broader trend around risk modeling.

Leaders in Product Security - John Deskurakis

July 9, 2021

Leaders in Product Security: In the eleventh episode of this series, we are joined by John Deskurakis, Chief Product Security Officer, Carrier Global Corporation, to talk about how Carrier tackles some of the unique challenges they face with product security, as well as the critical role of cold storage for COVID-19 vaccinations. During this discussion, he also highlights how "shift left" is often used to mean scanners in the industry, when in fact there should be more focus on security by design. John will also throw some light on product security in general, and the role of a Chief Product Security Officer more broadly.
 
Leaders in Product Security - Sean Poris

June 11, 2021

Leaders in Product Security: In the eleventh episode of this series, we are joined by Sean Poris, Director, Product Security at Verizon Media, to talk about the role of engineering in a service organization. We will discuss the evolving pace of software development, the critical contributions of security champions, and balancing security by design with security assurance.

Paul Breitbarth - Injecting Privacy Regulations into DevOps

June 4, 2021

Today we are joined by Paul Breitbarth, Director, Global Policy & EU Strategy at TrustArc, to talk about integrating privacy into software development. We will start by educating you about the process of privacy impact assessment which will help us understand how to bridge the gap between privacy and DevOps. The inherent cross-functional nature of balancing speed and privacy necessitates early intervention of privacy teams. To conclude, Paul will share thoughts on the future of privacy regulations and software development.

Ayhan Tek - Scaling Threat Modeling to Achieve Software Development Compliance

May 14, 2021

Today we are joined by Ayhan Tek, VP of Information Security at Cyber Electra, to talk about how a security practitioner can help support compliance related security activities in software development. In order to make threat modeling scalable, the cross-functional nature of software development needs to extend beyond data flow diagrams into the business realm. Once in the business domain, the discussion turns toward risk. The long-term value of threat modeling, therefore, is in its ability to contribute toward risk assessments that will enable non-technical stakeholders to make informed decisions about security investments.

Spencer Koch - Scale Your Threat Modeling Beyond STRIDE and Data Flow Diagrams

April 30, 2021

Today we are joined by Spencer Koch, Offensive Security Professional at Reddit, to talk about threat modeling and the issues with scaling the traditional processes. These days, we don’t have enough security practitioners to perform threat modeling on every system. In many cases, there is also an emphasis on trying to achieve perfection instead of doing what’s “good enough.” In this episode, we delve into shifting toward a more democratized and decentralized approach that allows more people to get involved.

Leaders in Product Security - Timo Skytta

April 16, 2021

Leaders in Product Security: In the tenth episode of this series, we are joined by Timo Skytta, Managing Director, Head of Advisory (Security) at Goldman Sachs, to talk about his experience with workload, priority management, and automation. We will delve into what problem their company was trying to solve, the challenges they ran into, unexpected pushback from the stakeholders, and how they aligned goals to overcome these challenges.

Leaders in Product Security - David Lenoe

April 9, 2021

Leaders in Product Security: In the ninth episode of this series, we are joined by David Lenoe, Director, Secure Software Engineering at Adobe, to talk about product security and its evolution at Adobe. David will also share his insights on working with engineering teams, the importance of security champions, and why compliance is not necessarily a barrier to security.
