security leadership

Episode Summary

In this episode of The Secure Developer, Guy Podjarny and guest Sean Catlett discuss the shift from traditional to engineering-first security practices. They delve into the importance of empathy and understanding business operations for enforcing better security. Catlett emphasizes utilizing AI for generic tasks to focus on crafting customized security strategies.

Show Notes

In this episode of The Secure Developer, host Guy Podjarny chats with experienced CISO Sean Catlett about transforming traditional security cultures into a more modern, engineering-first approach. Together, they delve into the intricacies of this paradigm shift and the resulting impact on organizational dynamics and leadership perspectives.

Starting with exploring how an empathetic understanding of a business's operational model can significantly strengthen security paradigms, the discussion progresses toward the importance of creating specialized security protocols per unique business needs. They stress that using AI and other technologies for generic tasks can free up teams to concentrate on building tailored security solutions, thereby amplifying their efficiency and impact on the company's growth.

In the latter part of the show, Catlett and Podjarny investigate AI's prospective role within modern security teams and lay out some potential challenges. Recognizing the rapid evolutionary pace of such technologies, they believe keeping up with AI advancements is crucial for capitalizing on its benefits and pre-empting potential pain points.

AI-curious listeners will find this episode brimming with valuable insights as Catlett and Podjarny demystify the complexities and highlight the opportunities of the current security landscape. Tune in to learn, grow, and transform your security strategy.

Links

• Slack
• FedRAMP
• GitHub Copilot
• ChatGPT
• Snyk - The Developer Security Company

Follow Us

• Our Website
• Our LinkedIn

Episode Summary

Laura Bell Main, CEO at SafeStack, discusses the two-fold implications of AI for threat modeling in DevSecOps. She highlights challenges in integrating AI systems, the importance of data verifiability, and the potential efficiencies AI tools can introduce. With guidance, she suggests it's possible to manage the complexities and ensure the responsible utilization of AI.

Show Notes

In this intriguing episode of The Secure Developer, listen in as Laura Bell Main, CEO at SafeStack, dives into the intricate world of AI and its bearing on threat modeling. Laura provides a comprehensive glimpse into the dynamic landscape of application security, addressing its complexities and the pivotal role of artificial intelligence.

Laura elucidates how AI has the potential to analyze vulnerabilities, identify risks, and make repetitive tasks efficient. As she delves deeper, she explores how AI can facilitate processes and significantly enhance security measures within the DevSecOps pipeline. She also highlights a crucial aspect - AI is not just an enabler but should be seen as a partner in achieving your security objectives.

However, integrating AI into existing systems is not without its hurdles. Laura illustrates the complexities of utilizing third-party AI models, the vital importance of data verifiability, and the possible pitfalls of over-reliance on an LLM.

As the conversation advances, Laura provides insightful advice to tackle these challenges head-on. She underscores the importance of due diligence, the effective management of AI integration, and the necessity of checks and balances. With proactive measures and responsible use, she affirms that AI has the potential to transform threat modeling.

Don't miss this episode as Laura provides a thoughtful overview of the intersection of AI and threat modeling, offering important insights for anyone navigating the evolving landscape of DevSecOps. Whether you're a developer, a security enthusiast, or a tech leader, this episode is packed with valuable takeaways.

Links

• Agile Application Security
• Security for Everyone
• Microsoft STRIDE
• OWASP Top 10 for Large Language Model Applications
• Snyk - The Developer Security Company

Follow Us

• Our Website
• Our LinkedIn

Episode Summary

Guy explores AI security challenges with Salesforce's VP of Security, Henrik Smith. They discuss the fine line between authentic and manipulated AI content, stressing the need for strong operational processes and collaborative, proactive security measures to safeguard data and support secure innovation.

Show Notes

In this episode, host Guy Podjarny sits down with Henrik Smith, VP of Security at Salesforce, to delve into the intricacies of AI and its impact on security. As the lines between real and artificially generated data become increasingly blurred, they explore the current trends shaping the AI landscape, particularly in voice impersonation and automated decision-making.

During the conversation, Smith articulates the pitfalls organizations face as AI grows easier to access and misuse, potentially bypassing security checks in the rush to leverage new capabilities. He urges listeners to consider the importance of established processes and the responsible use of AI, especially regarding sensitive data and upholding data governance policies.

The episode also dives into security as a facilitator rather than an inhibitor within the development process. Smith shares his experiences and strategies for fostering cross-departmental collaboration at Salesforce, underscoring the value of shifting left and fixing issues at their source. He highlights how security can and should act as an enabling service within organizations, striving to resolve systemic risks and promoting a culture of secure innovation.

Whether an experienced security professional or a tech enthusiast intrigued by AI, this episode promises to offer valuable insights into managing AI's security challenges and harnessing its potential responsibly.

Links

• Snyk's 2023 AI-Generated Code Security Report
• Salesforce
• Snyk - The Developer Security Company

Follow Us

• Our Website
• Our LinkedIn

Episode Summary

In this episode of The Secure Developer, our co-hosts Simon Maple and Guy Podjarny discuss the rise of AI in code generation. Drawing from Snyk's 2023 AI Code Security Report, they examine developers' concerns about security and the importance of auditing and automated controls for AI-generated code.

Show Notes

In this compelling episode of The Secure Developer, hosts Simon Maple and Guy Podjarny delve into the fascinating and fast-paced world of artificial intelligence (AI) in code generation. Drawing insights from Snyk's 2023 AI Code Security Report, the hosts discuss the exponential rise in the adoption of AI code generation tools and the impact this has on the software development landscape.

Simon and Guy reveal alarming statistics showing that most developers believe AI-generated code is inherently more secure than human-written code, but they also express deep-seated concerns about security and data privacy. This dichotomy sets the stage for a stimulating discussion about the potential risks and rewards of integrating AI within the coding process.

A significant point of discussion revolves around the need for more stringent auditing for AI-generated code and much tighter automated security controls. The hosts echo the industry’s growing sentiment about the importance of verification and quality assurance, regardless of the perceived assurance of AI security.

This episode challenges conventional thinking and provides critical insights into software development's rapidly evolving AI realm. It's an insightful listen for anyone interested in understanding the interplay of AI code generation, developer behaviors, and security landscapes.

Links

• Snyk's 2023 AI-Generated Code Security Report
• GitHub Copilot
• Snyk - The Developer Security Company

Follow Us

• Our Website
• Our LinkedIn

Episode Summary

In this episode, Tomasz Tunguz of Theory Ventures discusses the intersection of AI, technology, and security. We explore how AI is revolutionizing software development, data management challenges, and security's vital role in this dynamic landscape. 

Show Notes

In this episode of The Secure Developer, Guy Podjarny engages in a deep and insightful conversation with Tomasz Tunguz, founding partner of Theory Ventures. They delve into the fascinating world of AI security and its burgeoning impact on the software development landscape. Tomasz brings a unique investor's lens to the discussion, shedding light on how early-stage software companies are leveraging AI to revolutionize market strategies.

The conversation navigates through the complexities of AI in the realm of security. Tomasz highlights key trends such as data loss prevention, categorization of AI-related companies, and the significant security challenges in this dynamic space. The episode also touches on the critical role of data governance and compliance in the age of AI, exploring how these elements are becoming increasingly intertwined with security concerns.

A significant part of the discussion is dedicated to the future of AI-powered software development. Guy and Tomasz ponder the evolution of coding, predicting a shift towards higher levels of abstraction and the potential challenges this may pose for security. They speculate on the profound changes AI could bring, transforming how software is developed and the implications for developers and security professionals.

This episode provides a comprehensive look into the intersection of AI, technology, and security. It's a must-listen for anyone interested in understanding AI's current and future landscape in the tech world, especially from a security standpoint. The insights and predictions offered by Tomasz Tunguz make it an engaging and informative session, perfect for professionals and enthusiasts alike who are keen to stay ahead.

Links

• Theory Ventures
• OpenAI
• GitHub
• Amazon Web Services (AWS)
• Google Cloud
• Microsoft Azure
• Monte Carlo
• Gable
• Snyk - The Developer Security Company

Follow Us

• Our Website
• Our LinkedIn

Episode Summary

In this episode, Dr. Christina Liaghati discusses incorporating diverse perspectives, early security measures, and continuous risk evaluations in AI system development. She underscores the importance of collaboration and shares resources to help tackle AI-related risks.

Show Notes

In this enlightening episode of The Secure Developer, Dr. Christina Liaghati of MITRE offers valuable insights on the necessity of integrating security considerations right from the design phase in AI system development. She underscores the fact that cybersecurity issues can’t be fixed solely at the end of the development process; rather, understanding and mitigating vulnerabilities require continual iterative discovery and investigation throughout the system's lifecycle.

Dr. Liaghati emphasizes the need for incorporating diverse perspectives into the process, specifically highlighting the value of expertise from fields like psychology and human-centered design to grasp the socio-technical issues associated with AI use fully. She sounds a cautionary note about the inherent risks when AI is applied in critical sectors like healthcare and transportation, which calls for thorough discussions about these deployments.

Additionally, she introduces listeners to MITRE's ATLAS project, a community-focused initiative that seeks to holistically address the challenges posed by AI, drawing lessons from past experiences in cybersecurity. She points out the ATLAS project as a resource for learning about adversarial machine learning, particularly useful for those coming from a traditional cybersecurity environment or the traditional AI side.

Importantly, she talks about the potential of AI technology as a tool to improve day-to-day activities, exemplified by email management. These discussions underscore the importance of knowledgeable and informed debates about integrating AI into various aspects of our society and industries. The episode serves as a useful guide for anyone venturing into the world of AI security, offering a balanced perspective on the potential challenges and opportunities involved.

Links

• MITRE ATLAS Project
• Arsenal CALDERA Plugin for Adversary Emulation
• IBM's Adversarial Robustness Toolbox (ART)
• Microsoft's Counterfit Tool
• MIT AI 101 Course (free)
• Women in CyberSecurity (WiCyS)
• MITRE's Twitter Account
• MITRE's LinkedIn Page
• Snyk - The Developer Security Company

Follow Us

• Our Website
• Our LinkedIn

As AI adoption continues to grow, it's important that effective risk management strategies and industry security standards evolve along with it. To discuss this, we are joined by Royal Hansen, the VP of Engineering for Privacy, Safety, and Security at Google, where he drives the overall information security strategy for the company’s technical infrastructure (and keeps billions of people safe online).

Royal cut his teeth as a software developer for Sapient before building a cyber-security practice in the financial services industry at @stake, American Express, Goldman Sachs, and Morgan Stanley. In this episode, he explains why adhering to a bold and responsible framework is critical as AI capabilities are integrated into products worldwide and provides an overview of Google’s Secure AI Framework (SAIF), designed to help mitigate risks specific to AI systems. Royal unpacks each of the six core elements of SAIF, emphasizes the importance of collaboration, shares how he uses AI in his personal life, and much more.

Today’s conversation outlines a practical approach to addressing top-of-mind AI security concerns for consumers and security and risk professionals alike, so be sure to tune in!

Key Topics:

• Understanding the boardroom significance: Explore why CISOs, like Jeff Farinich and Rich Lindberg, are indispensable in steering cybersecurity initiatives aligned with business priorities.
• Strategies for boardroom effectiveness: Learn how experienced CISOs establish their presence, build relationships, and foster collaboration with other business functions.
• Translating tech jargon into business terms: Gain insights on effective communication techniques that bridge the gap between complex cybersecurity concepts and boardroom discussions.
• Overcoming challenges: Hear firsthand experiences and strategies from our guests, how they are navigating evolving threats, resource constraints, and securing executive buy-in.
• Driving meaningful metrics: Discover methodologies for establishing key performance indicators (KPIs) that demonstrate the organization’s security posture and convey the value of cybersecurity initiatives to the board.
• Creating a security culture: Explore practical approaches to foster a security-conscious mindset throughout the organization.

Hosts:

Kayla Williams

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/kayla-williams

Taylor Parsons

On ITSPmagazine | https://itspmagazine.com/itspmagazine-podcast-radio-hosts/taylor-parsons

________________________________

This Episode’s Sponsors

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

________________________________

Episode Description

Diving in to Project and Risk Management for teams, programs, leaders, and stakeholders! Who is responsible and why is it important? We will dive in to Kayla's past article, programs that she has developed, and how we have both managed projects, implementations, and identified potential issues before they become bigger issues.

________________________________

Resources

Risk Management For Beginner Project Managers: A Guide: https://www.linkedin.com/pulse/risk-management-beginner-project-managers-guide-kayla-williams/?trackingId=ue%2F81J9%2F5iS0GFXib8Ubqw%3D%3D

________________________________

For more podcast stories from The Locked Down Podcast With Kayla Williams and Taylor Parsons: https://itspmagazine.com/locked-down-podcast

Watch the webcast version on-demand on YouTube:

https://www.youtube.com/playlist?list=PLnYu0psdcllSNOVxx-zkXPYN6dxzuG8GG

Hosts:

Kayla Williams

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/kayla-williams

Taylor Parsons

On ITSPmagazine | https://itspmagazine.com/itspmagazine-podcast-radio-hosts/taylor-parsons

________________________________

This Episode’s Sponsors

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

________________________________

Episode Description

Diving in to Project and Risk Management for teams, programs, leaders, and stakeholders! Who is responsible and why is it important? We will dive in to Kayla's past article, programs that she has developed, and how we have both managed projects, implementations, and identified potential issues before they become bigger issues.

________________________________

Resources

Risk Management For Beginner Project Managers: A Guide: https://www.linkedin.com/pulse/risk-management-beginner-project-managers-guide-kayla-williams/?trackingId=ue%2F81J9%2F5iS0GFXib8Ubqw%3D%3D

________________________________

For more podcast stories from The Locked Down Podcast With Kayla Williams and Taylor Parsons: https://itspmagazine.com/locked-down-podcast

Watch the webcast version on-demand on YouTube:

https://www.youtube.com/playlist?list=PLnYu0psdcllSNOVxx-zkXPYN6dxzuG8GG

Guest: Jill Orhun, Founder and Climate Entrepreneur

On LinkedIn | https://www.linkedin.com/in/jillorhun/

On Twitter | https://twitter.com/JillOrhun

Hosts:

Kayla Williams

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/kayla-williams

Taylor Parsons

On ITSPmagazine | https://itspmagazine.com/itspmagazine-podcast-radio-hosts/taylor-parsons

________________________________

This Episode’s Sponsors

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

________________________________

Episode Description

Explanation of ESG and why it's important to everyone including cybersecurity programs. Asking the fundamental questions of what is ESG and why we should care.

We will ask Jill about her experience with ESG, why it's not a trend, and the impact it has on every organization.

________________________________

For more podcast stories from The Locked Down Podcast With Kayla Williams and Taylor Parsons:

https://itspmagazine.com/locked-down-podcast

Watch the webcast version on-demand on YouTube:

https://www.youtube.com/playlist?list=PLnYu0psdcllSNOVxx-zkXPYN6dxzuG8GG

Guest: Jill Orhun, Founder and Climate Entrepreneur

On LinkedIn | https://www.linkedin.com/in/jillorhun/

On Twitter | https://twitter.com/JillOrhun

Hosts:

Kayla Williams

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/kayla-williams

Taylor Parsons

On ITSPmagazine | https://itspmagazine.com/itspmagazine-podcast-radio-hosts/taylor-parsons

________________________________

This Episode’s Sponsors

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

________________________________

Episode Description

Explanation of ESG and why it's important to everyone including cybersecurity programs. Asking the fundamental questions of what is ESG and why we should care.

We will ask Jill about her experience with ESG, why it's not a trend, and the impact it has on every organization.

________________________________

For more podcast stories from The Locked Down Podcast With Kayla Williams and Taylor Parsons:

https://itspmagazine.com/locked-down-podcast

Watch the webcast version on-demand on YouTube:

https://www.youtube.com/playlist?list=PLnYu0psdcllSNOVxx-zkXPYN6dxzuG8GG

Hosts:

Kayla Williams

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/kayla-williams

Taylor Parsons

On ITSPmagazine | https://itspmagazine.com/itspmagazine-podcast-radio-hosts/taylor-parsons

________________________________

This Episode’s Sponsors

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

________________________________

Episode Description

Get an intro to Kayla & Taylor and our unique relationship. In this first episode you will get to know about Kayla and Taylor's background, how we interact, and our different opinions on subjects!

________________________________

For more podcast stories from The Locked Down Podcast With Kayla Williams and Taylor Parsons:

https://itspmagazine.com/locked-down-podcast

Watch the webcast version on-demand on YouTube:

https://www.youtube.com/playlist?list=PLnYu0psdcllSNOVxx-zkXPYN6dxzuG8GG

Hosts:

Kayla Williams

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/kayla-williams

Taylor Parsons

On ITSPmagazine | https://itspmagazine.com/itspmagazine-podcast-radio-hosts/taylor-parsons

________________________________

This Episode’s Sponsors

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

________________________________

Episode Description

Get an intro to Kayla & Taylor and our unique relationship. In this first episode you will get to know about Kayla and Taylor's background, how we interact, and our different opinions on subjects!

________________________________

For more podcast stories from The Locked Down Podcast With Kayla Williams and Taylor Parsons:

https://itspmagazine.com/locked-down-podcast

Watch the webcast version on-demand on YouTube:

https://www.youtube.com/playlist?list=PLnYu0psdcllSNOVxx-zkXPYN6dxzuG8GG

We couldn't wait to speak to Claire Humble to find out why transformation in the UK Security Industry is so important.  It's fair to say,  there is a lot of great content here around real progressive security leadership, and Claire is a wonderful advocate when it comes to singing about the best that the Security Industry can offer. 

Claire say's "We've got to really cast off those shackles of being a legacy security service where we just look at buildings, walk around buildings, lock some doors and close windows with so much more than that and we can add so much more value" 

About Claire Humble

Advancing to senior leadership level in Cleveland and New Zealand Police, Claire has transitioned over to the corporate world, co-founding a Safety & Security Consultancy, Learning and Development and SMART business, Nuxform. As an accomplished transformational change agent, Claire has positively impacted many organisations' culture, people, and processes, nationally and globally. 

An engaging speaker who captivates multicultural audiences, presenting on topics that resonate with others, such as ‘Transformational Change within Security Sector’, she is frequently invited to attend webinars as a panel member. She holds a Master’s in International Security that complements her vast experience in security, risk and resilience. Advocating Equality, Diversity and Inclusion, Claire sits on multiple ED&I working groups in renowned international security institutes.

• A versatile senior executive with over 30 years’ experience blazing a trail for advancement of Equality, Diversity & Inclusion (ED&I), transformation and cultural change within global safety and security agendas. Passionate and ethical leader, well versed in speaking across multicultural and global landscapes, building resilience and enriching lives.
• Transforms business cultures and delivers modern and contemporary results. Spearheads transformational change spanning people, process and technology. Introduces smarter ways of working and embraces innovation.
• Advises senior level stakeholders and influences decision-makers. Provides a wealth of knowledge and insight relating to security, risk and resilience. Imparts strategic and operational guidance to protect people and assets.
• Leads by example, resolves conflicts, remains impartial and highlights importance of diverse talent. Coaches and mentors individuals of all levels, encourages effective decisions and communication, and instils core values.

Claires Linked In profile
https://www.linkedin.com/search/results/all/?fetchDeterministicClustersOnly=false&heroEntityKey=urn%3Ali%3Afsd_profile%3AACoAABH8eKwBrN33Le0o5yQoM5LL4CJwRl9RKoA&keywords=claire%20humble%20(mlntlsy)&origin=RICH_QUERY_SUGGESTION&position=0&searchId=da97867f-c57a-409e-b60a-fba0a1e52d9f&sid=3s2

Security Circle ⭕️ is an IFPOD production for IFPO the International Foundation of Protection Officers