The Balancing Act by Security Compass
Enabling Both Speed and Security

Enabling Both Speed and Security

November 9, 2020

Today we are joined by Pranoy De, Eleonor Lee, and Altaz Valani from Security Compass, to talk about three DevSecOps challenges from a technical leader’s perspective: integrating security into DevOps pipelines; building a knowledge retention and training model that balances speed and security; and the convergence of business and IT. In all cases, security has a key role to play in enabling the business to manage risk, in a way that doesn’t slow down the business.

Spencer Koch - An Executive Perspective on Agile Security

Spencer Koch - An Executive Perspective on Agile Security

November 2, 2020

Today we are joined by Altaz Valani from Security Compass and Spencer Koch, Offensive Security Professional at Reddit, to talk about Agile Security in technology companies from an Executive’s perspective. We would start with the question — Why does the business think security gets in the way of being agile — and discuss how a security executive can start to change this perception. As with any change, there needs to be an ongoing effort from security teams to provide assurance and business value for agility. Agile is at the forefront of technology companies today, and security can be an enabler by reducing risk without  getting in the way.

Purnima Bihari - Managing Speed and Security in Your DevOps Product Lifecycle

Purnima Bihari - Managing Speed and Security in Your DevOps Product Lifecycle

October 30, 2020

Today we are joined by Altaz Valani from Security Compass and Purnima Bihari, Product Owner at Security Compass, to talk about how managing a fast moving product delivery lifecycle while ensuring security is a challenging task. Purnima will share insights from her experience about the role a product owner plays in injecting security early into the product lifecycle and the impact being a security champion can make on ensuring product security. We will also discuss the skills required to adopt a balanced approach to speed and security.

Nicolas Chaillan - The Introspection of Building Software Quickly and Managing Security & Compliance Risks

Nicolas Chaillan - The Introspection of Building Software Quickly and Managing Security & Compliance Risks

October 26, 2020

Today we are joined by Rohit Sethi from Security Compass and Nicolas Chaillan, Chief Software Officer, U.S. Air Force, to gain insights into building a DevSecOps program for a large government organization. In this podcast, we will talk about the challenges, key considerations, and the need to balance security with fast delivery cycles in the defense world. We will also cover the program structures being established across the Department of Defense and understand more about the ATO process.

Bob Aiello - Operationalizing Security in DevOps

Bob Aiello - Operationalizing Security in DevOps

October 23, 2020

Today we are joined by Altaz Valani from Security Compass and Bob Aiello, DevOps architect and trainer with decades of experience leading enterprise software process improvement initiatives. We will start by asking the question, “Why do so many organizations struggle with integrating security into DevOps?” Since automation is a key part of DevOps, we will discuss security practices that are easily automatable in DevOps, and conclude with a discussion on where DevOps is headed.

Spencer Koch - Maintain Your Security Through Application Modernization

Spencer Koch - Maintain Your Security Through Application Modernization

October 19, 2020

Today we are joined by Altaz Valani from Security Compass and Spencer Koch, Security Wizard at Reddit, to discuss the role of security in Application Modernization. In today’s digital world, businesses have to modernize their applications routinely. In this podcast, we will discuss current trends and security challenges around application modernization; and how security can help minimize the risk. This is important as many organizations are currently transforming their applications against a backdrop of going digital.

 

Jeff Sorrell - An Industry Perspective on CMMC

Jeff Sorrell - An Industry Perspective on CMMC

October 16, 2020

Today we are joined by Altaz Valani from Security Compass and Jeff Sorrell, a Data Privacy and Information Security Consultant. We will discuss, at a high level, the importance of Cybersecurity Maturity Model Certification (CMMC) and its operational impact on companies that have contracts with the U.S. Department of Defense. We dive into some of the nuances of CMMC as it advocates moving away from self-attestation to third-party audit and certification. To conclude this discussion, Jeff will share thoughts on any trends based on his own experience.

Andrew Wertkin - Where Application Security Meets Infrastructure Security in Cyberspace

Andrew Wertkin - Where Application Security Meets Infrastructure Security in Cyberspace

October 9, 2020

Today we are joined by Ehsan Foroughi from Security Compass, and Andrew Wertkin, Chief Strategy Officer at BlueCat. In this podcast, we will discuss the intersection of network infrastructure and security, and how to bake security requirements from that perspective. Drawing from his experience in enterprise architecture and distributed computing networks, Andrew will also share valuable security and network health insights.

Hasan Yasar - Achieve Continuous ATO Through DevSecOps

Hasan Yasar - Achieve Continuous ATO Through DevSecOps

October 5, 2020

Today we are joined by Hasan Yasar, Technical Director of Continuous Deployment at the Software Engineering Institute, CMU, to talk about Continuous ATO. We will start with the need to automate architectural assurance across the application build and deployment pipeline. Further, we will discuss how risk management is embedded into the process through security controls. Finally, we will conclude with how DevOps unlocks the ability to achieve continuous ATO.

Brian Pitts - Adoption of SD Elements

Brian Pitts - Adoption of SD Elements

October 2, 2020

In this podcast, we are joined by Brian Pitts, Director, Product Security Governance at Johnson Controls (JCI) to discuss some of the unique security challenges faced by IOT device manufacturers and how advanced tooling has helped JCI bolster their product security practices.

Podbean App

Play this podcast on Podbean App