The Balancing Act by Security Compass
Glen Notman - Bridging the Gap Between Security and Business Teams

September 25, 2020

Today we are joined by Glen Notman, Associate Partner at Citihub. In this podcast, we will talk about the gap that exists between the security and business teams. To communicate the value of security, it’s important for security teams to make their findings and recommendations relevant to the business. This involves empathizing with the real needs of a business stakeholder.

Gopi Reddy - Enabling Digital Through Secure DevOps

September 21, 2020

Today we are joined by Gopi Reddy, who is an experienced Enterprise Architect. We will talk about digital transformation and how DevOps enables the business imperative. Security is often not considered a key part of this transformation because of the perception that it is a low-level technical activity. With the shift to digital product enablement in a high-velocity environment, this is now changing as security becomes everyone’s responsibility.

Ruth G. Lennon - First Steps in Building Proactive Security

September 18, 2020

Today we are joined by Ruth G. Lennon, Lecturer, Department of Computing at the Letterkenny Institute of Technology, to talk about initiating the journey of injecting security into development. Many teams feel enormous pressure from the start to quickly understand security. In this podcast, we delve into taking a more thoughtful and deliberate approach that focuses on building a strong foundation to align your cross-functional teams.

Nikhil Kumar & Altaz Valani - Feasibility of Zero Trust

September 14, 2020

Today we are joined by Altaz Valani from Security Compass and Nikhil Kumar, President and Founder of ApTSi, to discuss the feasibility of Zero Trust. In this podcast, we will talk about the value of Zero Trust from a business enablement perspective. We will also dive into the feasibility of Zero Trust for technical leaders. While Zero Trust is not a silver bullet, for today’s rapidly evolving business and security scenarios, it offers a compelling evolution away from our network-centric approach towards a focus on the data.

Stephen Whitlock & Altaz Valani - Rolling Out Zero Trust

September 11, 2020

Today we are joined by Altaz Valani from Security Compass and Stephen Whitlock, one of the first members of the Jericho Forum and a security expert with 16 years of experience at Boeing. In this podcast, we will discuss the evolution of Zero Trust and its roots in the Jericho Forum work. We will also talk about the business value of Zero Trust and the pitfalls of rolling out a Zero Trust program. Implementing Zero Trust is more effective if we understand the history and why today’s business needs are driving this evolutionary approach to security.

Tony Carrato & Altaz Valani - Business Value of Zero Trust Compared to Other Security Models

September 8, 2020

Today we are joined by Altaz Valani from Security Compass and Tony Carrato, an independent consultant with expertise in delivering enterprise architecture across varied industries. In this podcast, we will discuss the evolution of the Zero Trust security model and how it is different from existing models. We will also delve into the business value that Zero Trust can offer organizations in the midst of changing operating models. The agility of organizations depends, in large part, on the security assurance of data safety at all times.

Ehsan Foroughi - Importance of Security Culture

September 4, 2020

Today we are joined by Ehsan Foroughi, Head of Products at Security Compass, to talk about the importance of a security culture in an organization. In this episode, he will explain how the effectiveness of any application security program is impacted by the security culture across teams. Citing examples from his personal experiences, he delves into the human factor in security and how strong organizational policies can fail if not implemented properly.

Hasan Yasar & Altaz Valani - Proactively Managing Security in DevSecOps

August 31, 2020

Today we are joined by Altaz Valani from Security Compass and Hasan Yasar, Technical Director of Continuous Deployment at the Software Engineering Institute, CMU. We will discuss shifting security to the left and being more proactive. Using Top 10 lists is a good starting point. In the long term, however, value is achieved when we use security scenarios to drive out important value propositions.

Andy Woyzbun & Altaz Valani - Enabling a Cybersecurity Strategy

August 28, 2020

Today we are joined by Altaz Valani from Security Compass and Andy Woyzbun, Management Consultant at Woyzbun Advisory, to discuss how a CIO drives a cybersecurity strategy. In this podcast, we will talk about clearly defining and communicating security policies; guiding employees to execute these policies; and using guardrails to assess whether security policies are being enforced effectively. Ultimately, it’s about balancing a cybersecurity strategy against the needs of business enablement.

Spencer Koch & Altaz Valani - Lean Thinking Enables Proactive Security

August 24, 2020

Today we are joined by Altaz Valani from Security Compass and Spencer Koch, Security Wizard at Reddit, to discuss the importance of a proactive security mindset across the software security life cycle. Proactive often means using tools, but these tools are useful only if they help reduce process overhead. Blindly shifting security responsibilities to tools results in more overhead through false positives. In this podcast, we will talk about a lean process mindset that shifts the discussion “to the left” (before SAST, DAST, and pentesting) and helps to identify where waste can be eliminated, which is what enables proactive security.

Spencer is an offensive security professional with extensive experience in both consulting and industry. He has also served as the North American CISO at a large energy company.
