The Art Shaping Application Security at Scale with Seth J. Kirschner

Summary

The conversation explores application security maturity within organizations and how it relates to developers, teams, management, and products. The guest, Seth Kirschner, shares his insights and experience in building application security programs. He emphasizes the importance of communication channels and of learning and development opportunities for developers, discusses the role of security champions, and describes the implementation of guardrails as preventative controls. The conversation covers the challenges of onboarding new developers and suggests strategies such as automated messaging, open communication channels, and recognition programs. Seth also discusses the challenges developers face, the importance of collaboration between security and development teams, and strategies for incentivizing developers to prioritize security, and he shares insights on implementing security programs, dealing with vulnerabilities, and the future of application security. The conversation highlights software supply chain security as a major threat in the coming years.

Takeaways

  • Building an application security program starts with knowing the company, people, and applications.
  • Open communication channels, and establish training and resources so developers understand security best practices.
  • Security champions are individuals who have an interest in security and can lead efforts within their teams.
  • Guardrails are preventative controls that guide developers to make better decisions and prevent misconfigurations.
  • Onboarding new developers should involve gradual exposure to security guidelines and resources.
  • Recognition programs, such as leaderboards, can motivate developers to engage in security practices.
  • Incentivizing developers through monetary and non-monetary rewards can encourage them to prioritize security.
  • Choosing the right vulnerability scanning tools and evaluating their fit for the organization is important.
  • Regularly reviewing and updating security practices and tools is necessary for program maturity.
  • In small organizations, outsourcing or seeking guidance from trusted advisors can help establish basic security measures.
  • Software supply chain security, particularly open source models and code bases, poses a significant threat in the future.

Timestamps

00:00 Introduction and the Impact of Individual Developers
09:21 Building an Application Security Program
29:39 Motivating Developers with Recognition Programs
36:45 Incentivizing Developers to Prioritize Security
44:55 Regular Review and Update of Security Practices
54:59 Implementing Security Measures in Small Organizations
01:05:13 The Threat of Software Supply Chain Security
