March 19, 2021
Leaders in Product Security: In the sixth episode of this series, we are joined by Khaja Ahmed, Sr. VP, Product and Application Security at SAP, who shares his unique insights from working in the cloud security space with companies like Amazon, Microsoft, and Google. We will talk about the impact of reporting structure on product security, differences between start-ups and enterprises, and how product security will evolve in the future.
Building Secure & Reliable Systems
March 12, 2021
Leaders in Product Security: In the fifth episode of this series, we are joined by Janne Uusilehto, Lead Privacy PgM at Google, to gain insights into product security as he shares his experiences from the early days of mobile device security. We will also discuss how product security has evolved over the years and the progress being made by organizations with the changes in this space.
March 8, 2021
Today we are joined by John Weigelt, Lead for Microsoft Canada’s Strategic Policy and Technology Efforts, to talk about IoT and Hardware Security from a security executive’s perspective. We will start by looking at the context of IoT and hardware products and the importance of not getting biased toward an exclusively desktop computing frame of reference. We will then discuss how security teams can help with creating awareness. We will conclude by talking about emerging trends around zero trust and security enclaves to address hardware security concerns.
March 5, 2021
Leaders in Product Security: In the fourth episode of this series, we are joined by Jason Christman, VP, Chief Product Security Officer at Johnson Controls. Jason is a recognized champion of the Chief Product Security Officer (CPSO) role. In this podcast we discuss the role and its core responsibilities, top priorities, and compare the role with the Chief Information Security Officer (CISO). We also talk about product security as it relates to competitiveness, unique considerations for industrial controls, and future changes to product security.
February 22, 2021
Today we are joined by Altaz Valani from Security Compass and Tony Carrato, an Independent Architecture Consultant, to talk about IoT and Hardware Security from a security executive’s perspective. We will start the discussion by talking about the top security challenges with IoT and hardware products, such as emerging standards, data movement, and default passwords. We will then turn our attention toward trying to de-risk these security challenges through standards influence, architecture, and assurance. To conclude, we will discuss security trends around IoT and hardware products, including device capabilities, edge computing, and the importance of IoT at the executive level.
February 19, 2021
Leaders in Product Security: In the second episode of this series, we are joined by Brad Arkin, Senior Vice President, Chief Security and Trust Officer, Cisco, who shares his unique insights from his extensive experience in product, and more holistically, information security. In this podcast, we are going over the major shifts in product security, how we might solve the talent gap, and what role standards may play in the future. Brad will also talk about influencing leadership and driving organizational change, which he has successfully achieved throughout his career.
February 12, 2021
Leaders in Product Security: In the first episode of this series, we are joined by Steve Lipner, Executive Director of SAFECode, who is inarguably one of the most experienced and prolific specialists in product security. We will talk about how Steve got into software security, the impact of Bill Gates' famous Trustworth Computing Memo, how consumers and businesses can assess a vendor's product security, and the important role that SAFECode plays.
February 5, 2021
Today we are joined by Spencer Koch, Offensive Security Professional at Reddit, to talk about cloud enablement from a security practitioner’s perspective. We will start by looking at how security teams can help with creating a culture around cloud enablement. We will then look deeper into the guardrails and metrics, and whether current security metrics still apply to the cloud. And, finally, we will conclude with a brief discussion on pitfalls to avoid while trying to enable cloud adoption in the context of speed to market while managing security risk.
January 29, 2021
Today we are joined by Ayhan Tek, VP of Information Security at Cyber Electra, to talk about how a security practitioner can help enable cloud adoption for their organization. From a cultural standpoint, we will discuss the role of security practitioners in enabling cloud adoption as well as some common pitfalls around cloud security. And, finally, given our rapid delivery CI/CD pipelines, we will talk about the types of metrics we should be considering in order to balance both speed and security.