The Balancing Act by Security Compass

Leaders in Product Security: In the sixth episode of this series, we are joined by Khaja Ahmed, Sr. VP, Product and Application Security at SAP, who shares his unique insights from working in the cloud security space with companies like Amazon, Microsoft, and Google. We will talk about the impact of reporting structure on product security, differences between start-ups and enterprises, and how product security will evolve in the future.

Leaders in Product Security: In the fifth episode of this series, we are joined by Janne Uusilehto, Lead Privacy PgM at Google, to gain insights into product security as he shares his experiences from the early days of mobile device security. We will also discuss how product security has evolved over the years and the progress being made by organizations with the changes in this space.

Today we are joined by John Weigelt, Lead for Microsoft Canada’s Strategic Policy and Technology Efforts, to talk about IoT and Hardware Security from a security executive’s perspective. We will start by looking at the context of IoT and hardware products and the importance of not getting biased toward an exclusively desktop computing frame of reference. We will then discuss how security teams can help with creating awareness. We will conclude by talking about emerging trends around zero trust and security enclaves to address hardware security concerns.

Leaders in Product Security: In the fourth episode of this series, we are joined by Jason Christman, VP, Chief Product Security Officer at Johnson Controls. Jason is a recognized champion of the Chief Product Security Officer (CPSO) role. In this podcast we discuss the role and its core responsibilities, top priorities, and compare the role with the Chief Information Security Officer (CISO). We also talk about product security as it relates to competitiveness, unique considerations for industrial controls, and future changes to product security.

#cybersecurity #podcast 

Leaders in Product Security: In the third episode of this series, we are joined by Laksh Raghavan, Head of Product, Platform and Enterprise Security at LinkedIn,he explains how cross-disciplinary thinking — specifically behavioral science and systems thinking are critical to driving success in product security. Laksh also shares how he has successfully driven developer buy-in for security, and how we must focus on dissolution and dis-continuous improvements to completely eliminate many of the complex and chronic problems in Information Security. 

#cybersecurity #podcast 

You can connect with Laksh on Twitter @laraghavan.

Show Notes:

How Wolves Change Rivers : https://www.youtube.com/watch?v=ysa5OBhXz-Q

Heartwarming Video: https://www.linkedin.com/posts/ugcPost-6759141809772863488-HtKs and the quote from Anil Dash.

Today we are joined by Altaz Valani from Security Compass and Tony Carrato, an Independent Architecture Consultant, to talk about IoT and Hardware Security from a security executive’s perspective. We will start the discussion by talking about the top security challenges with IoT and hardware products, such as emerging standards, data movement, and default passwords. We will then turn our attention toward trying to de-risk these security challenges through standards influence, architecture, and assurance. To conclude, we will discuss security trends around IoT and hardware products, including device capabilities, edge computing, and the importance of IoT at the executive level. 

Leaders in Product Security: In the second episode of this series, we are joined by Brad Arkin, Senior Vice President, Chief Security and Trust Officer, Cisco, who shares his unique insights from his extensive experience in product, and more holistically, information security. In this podcast, we are going over the major shifts in product security, how we might solve the talent gap, and what role standards may play in the future. Brad will also talk about influencing leadership and driving organizational change, which he has successfully achieved throughout his career.

Leaders in Product Security: In the first episode of this series, we are joined by Steve Lipner, Executive Director of SAFECode, who is inarguably one of the most experienced and prolific specialists in product security. We will talk about how Steve got into software security, the impact of Bill Gates' famous Trustworth Computing Memo, how consumers and businesses can assess a vendor's product security, and the important role that SAFECode plays.

Today we are joined by Spencer Koch, Offensive Security Professional at Reddit, to talk about cloud enablement from a security practitioner’s perspective. We will start by looking at how security teams can help with creating a culture around cloud enablement. We will then look deeper into the guardrails and metrics, and whether current security metrics still apply to the cloud. And, finally, we will conclude with a brief discussion on pitfalls to avoid while trying to enable cloud adoption in the context of speed to market while managing security risk. 

Today we are joined by Ayhan Tek, VP of Information Security at Cyber Electra, to talk about how a security practitioner can help enable cloud adoption for their organization. From a cultural standpoint, we will discuss the role of security practitioners in enabling cloud adoption as well as some common pitfalls around cloud security. And, finally, given our rapid delivery CI/CD pipelines, we will talk about the types of metrics we should be considering in order to balance both speed and security.