25 minutes | Jun 1, 2021
Security Superfriends Episode 9 Clint Gibler
Soluble's Rich Seiersen interviews Clint Gibler, head of security research at r2c, co-founder at tl;dr sec. They discuss the popularity of the r2c open source tool Semgrep, which helps developers perform static testing of their code in CI.
24 minutes | May 18, 2021
Security Superfriends Episode 8 Randy Barr, InterVenn
Randy’s career includes leadership roles at pioneering companies, including WebEx back when it was a small startup through its IPO. He was CISO for the SaaS security leader Qualys, and he was head of product security and security operations for Zoom as its usage exploded over the last year with the pandemic. Now, he’s back to being a CISO at a highly regulated life sciences organization, InterVenn.

In this episode, we discuss the importance of shifting left for modern software development with the high velocity of code releases. Getting security implemented as early as possible, close to developers, is key. The goal is to help them find and understand any vulnerabilities early so they can fix issues. Effective strategies include implementing tools for static and dynamic testing, giving developers security training, and working with pen testers who can interact directly with the developers.

He also discusses his approaches to securing what is becoming the new normal of a largely remote workforce. You may not know where team members are connecting from, how they’re connecting, whether there are others connecting on their same network, whether they are using personal devices, etc. There are opportunities to use security controls to enable this flexibility for employees while ensuring security.

We also discuss the importance of community participation. Randy participates in and shares his knowledge with local chapters of information security groups and the Cloud Security Alliance (CSA), and he works for companies that embrace working with other security professionals. I can’t emphasize how important this is! A CISO can’t (and doesn’t) know everything. For example, the supply chain risk with Zoom is going to be entirely different from that of precision medicine at InterVenn. It is so easy to think “I’m the CISO, I should know…” A better answer is, “I have a community; we have each other's backs. And while I may not have the answer right now, I will have feedback from several peers in real companies dealing with this very issue in real ways.” When you stand in front of a board, they will ask, “How are others doing this...specifically companies x, y, and z…” I have heard this numerous times myself. And this is Randy’s chief point. Build and use your community – it’s arguably your strongest asset. Perhaps this point of view comes from his military training, having started his career in the Marines (is it just me, or is there a growing cadre of security leaders with backgrounds in the military?). Surround yourself with great intel. We are fighting a digital war; we need our allies! As he points out, there are a lot of bad actors out there, so working independently, in silos, doesn’t work when you could be working together to fight the bad guys.
29 minutes | May 10, 2021
Security Superfriends Episode 7 James Sörling, WirelessCar
Security architect and open source contributor James Sörling talks about open source tools that make high velocity development more secure. Sörling, currently security architect for WirelessCar, is an open source contributor to cfn-nag, which performs infrastructure as code (IaC) static analysis of AWS CloudFormation templates. He also wrote an open source module that integrates cfn-nag into SonarQube. Now developers, DevOps, and SREs can get their CloudFormation scanned during development, which helps them fix issues early. Associating owners with IaC early in development also helps with audit and compliance.
36 minutes | Mar 25, 2021
Security Superfriends Episode 6 Rick Howard, CSO, Senior Fellow, Chief Analyst, The CyberWire
Soluble's Rich Seiersen interviews Rick Howard. Topics include the SolarWinds breach, supply chain risk, cloud native development, and security books we all must read.
36 minutes | Mar 3, 2021
Security Superfriends Episode 5: Chad Kalmes, PagerDuty
Chad Kalmes talks about his security and risk management strategies for leading companies including Twilio and PagerDuty. He also discusses his career.
35 minutes | Sep 3, 2020
Security Superfriends Episode 4 Kathy Wang, CISO, Very Good Security
Security Superfriends Episode 4: Kathy Wang, CISO at Very Good Security
Posted by Rich Seiersen on September 3, 2020
Kathy Wang is a total super security hero! A three-time CISO who rose from the engineering ranks, Kathy has been rocking the security space for 20 years. She is now focused hardcore on the cloud native space, having run security for GitLab for two years before joining Very Good Security. The knowledge and experience she brings will continue to shape the future of cloud native security. I hope you enjoy this installment!
20 minutes | Aug 6, 2020
Security Superfriends Garrett Held, CISO for Carta
Introducing Security Superfriends Videos and Podcasts! | Garrett Held, CISO of Carta
Posted by Rich Seiersen on July 23, 2020
I’m excited to share our first episode of Security Superfriends! I’ll be posting videos of chats with my friends who are on the security front lines in many episodes to come. We’ll tackle topics including cloud native innovation, investing in new tech, serverless vs FaaS vs CaaS vs Kubernetes vs….and much more! Our first episode features Garrett Held. Garrett is the CISO for Carta, a fast-moving cloud native company leveraging Kubernetes. I specifically met with Garrett to talk about the changes being brought about in security due to cloud native software velocities. He is uniquely qualified to talk about this, having worked at the likes of Salesforce.com, Twilio, and now Carta. They are all leveraging cloud native technology, and each is increasingly modern in their approach.
35 minutes | Aug 6, 2020
Security Superfriends Episode 3 Aaron Stanley, Twilio
Security Superfriends Episode 3: Aaron Stanley, Head of Security at Twilio
Posted by Rich Seiersen on August 5, 2020
As fast as fast can be! This describes the reality of software development at Twilio. Aaron Stanley, who runs security at Twilio, describes all this in this installment of Security Superfriends. Along the way, he shares why Triangle Man (pictured below) is his favorite superhero, largely because he beats Particle Man.
30 minutes | Aug 6, 2020
Security Superfriends Episode 2 Ely Kahn, Product Management, AWS
Security Superfriends: Ely Kahn, AWS
Posted by Rich Seiersen on July 29, 2020
Our second episode of Security Superfriends has arrived! In this episode, we learn why Wolverine is possibly the most “security” of all superheroes. Today’s episode is an interview with Ely Kahn, the principal product manager for AWS Security Hub. Ely’s path to superhero glory was not the typical hero's journey. He chronicles his adventure from the White House to a startup named after a rodent, and how that startup was eventually acquired by AWS.
© Stitcher 2021