February 19, 2021
Leaders in Product Security: In the second episode of this series, we are joined by Brad Arkin, Senior Vice President, Chief Security and Trust Officer, Cisco, who shares his unique insights from his extensive experience in product, and more holistically, information security. In this podcast, we are going over the major shifts in product security, how we might solve the talent gap, and what role standards may play in the future. Brad will also talk about influencing leadership and driving organizational change, which he has successfully achieved throughout his career.
February 12, 2021
Leaders in Product Security: In the first episode of this series, we are joined by Steve Lipner, Executive Director of SAFECode, who is inarguably one of the most experienced and prolific specialists in product security. We will talk about how Steve got into software security, the impact of Bill Gates' famous Trustworth Computing Memo, how consumers and businesses can assess a vendor's product security, and the important role that SAFECode plays.
February 5, 2021
Today we are joined by Spencer Koch, Offensive Security Professional at Reddit, to talk about cloud enablement from a security practitioner’s perspective. We will start by looking at how security teams can help with creating a culture around cloud enablement. We will then look deeper into the guardrails and metrics, and whether current security metrics still apply to the cloud. And, finally, we will conclude with a brief discussion on pitfalls to avoid while trying to enable cloud adoption in the context of speed to market while managing security risk.
January 29, 2021
Today we are joined by Ayhan Tek, VP of Information Security at Cyber Electra, to talk about how a security practitioner can help enable cloud adoption for their organization. From a cultural standpoint, we will discuss the role of security practitioners in enabling cloud adoption as well as some common pitfalls around cloud security. And, finally, given our rapid delivery CI/CD pipelines, we will talk about the types of metrics we should be considering in order to balance both speed and security.
January 22, 2021
Today we are joined by David Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation, to talk about securing open source software. We will start with a brief discussion on the “2020 FOSS Contributor Survey” report, co-authored by David. We will then delve deeper into some surprising insights from that report as it relates to the dynamic nature of fast-moving open source development. Finally, we will conclude with David’s thoughts on where he thinks open source software security is headed.
January 15, 2021
Today we are joined by Altaz Valani from Security Compass and Wayne Howell Jr., Cyber Security Process & Governance Leader at Honeywell, to talk about product security governance and bridging the gap between product and software security. We will talk about the similarities and differences between product and software security, particularly around the end — i.e. the post-deployment product support. We will then explore areas of process convergence for these teams around requirements and hardware virtualization. To conclude, we will share insights about metrics.
January 8, 2021
Today we are joined by Katie Stewart, co-author of CMMC and Senior Member of the Technical Staff within the CERT® Division at the Software Engineering Institute, to talk about the creation and ongoing evolution of CMMC. We will start by talking about the history of CMMC and the response received so far. We will then turn our discussion to the ongoing evolution of CMMC and ways that people can get involved. CMMC is a significant step in the direction of securing the DoD supply chain and being aware of the ongoing evolution in this space will help leaders proactively plan ahead.
December 18, 2020
Today we are joined by Altaz Valani from Security Compass, Sesh Vaidyula, Partner at Templar shield, and Harvey Nusz, Principal at 4IT Security, Governance & Compliance, to talk about CMMC in a commercial context, given its overlap with NIST 800-53, NISC CSF, and ISO 27001. We will also discuss its similarities with other non-maturity standards and regulations such as PCI, HIPAA, GDPR. To conclude, we will talk about how CMMC might help the broader commercial industry.
December 11, 2020
Today we are joined by Altaz Valani from Security Compass, Sesh Vaidyula, Partner at Templar shield, and Harvey Nusz, Principal at 4IT Security, Governance & Compliance, in our second podcast about CMMC we will talk about what it means for DoD vendors. We will discuss the transformational leadership role that the DoD has as they work toward a more secure supply chain. We will conclude by discussing challenges that, in particular, smaller organizations face with CMMC compliance.
December 4, 2020
Today we are joined by Altaz Valani from Security Compass, Sesh Vaidyula, Partner at Templar shield, and Harvey Nusz, Principal at 4IT Security, Governance & Compliance, in our second podcast to talk about CMMC. We will talk about what CMMC means to DoD suppliers around building maturity. We will then discuss the transformational leadership role that the DoD has as they work toward a more secure supply chain. We will conclude by discussing challenges that, in particular, smaller organizations face with CMMC compliance.
