Search a title or topic

Over 20 million podcasts, powered by 

Player FM logo
Artwork

Content provided by Izar Tarandach, Matt Coles, and Chris Romeo, Izar Tarandach, Matt Coles, and Chris Romeo. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Izar Tarandach, Matt Coles, and Chris Romeo, Izar Tarandach, Matt Coles, and Chris Romeo or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
Player FM - Podcast App
Go offline with the Player FM app!

The Future Role of Security and Shifting off the Table

54:58
 
Share
 

Manage episode 380056173 series 3425254
Content provided by Izar Tarandach, Matt Coles, and Chris Romeo, Izar Tarandach, Matt Coles, and Chris Romeo. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Izar Tarandach, Matt Coles, and Chris Romeo, Izar Tarandach, Matt Coles, and Chris Romeo or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

The Security Table gathers to discuss the evolving landscape of application security and its potential integration with development. Chris posits that application or product security will eventually be absorbed by the development sector, eliminating the need for separate teams. One hindrance to this vision is the friction between security and engineering teams in many organizations.
Many people think that security incidents have negative implications on brand reputation and value. Izar points out that, contrary to popular belief, major security breaches, such as those experienced by Sony and MGM, do not have a lasting impact on stock prices. Chris counters this by highlighting the potential for upcoming privacy legislation in the U.S., which could shift the focus and importance of security in the corporate world.
Chris envisions a future where the security team is dissolved and its functions are absorbed across various business units. This would lead to better alignment, reduced infighting, and more efficient budget allocation. Security functions need to be placed where they can have the most significant impact, without the potential conflicts that currently exist between security teams and other business units.
The second topic of discussion is the "shift left" movement in the realm of application security. There is ambiguity and potential misuse of the term. What exactly is being shifted and from where does the shift start? The term "shift left" suggests moving security considerations earlier in the development process. However, the hosts point out that the phrase has been co-opted and weaponized for marketing purposes, often without a clear understanding of its implications. For instance, they highlight that while it's easy to claim that a product or process "shifts left," it's essential to define what is being shifted, how much, and the tangible benefits of such a shift.
Matt emphasizes the idea of not just shifting left but starting left, meaning that security considerations should begin from the requirements phase of a project. Chris mentions that the concept of shifting left isn't new and cites Joe Jarzombek's late 90s initiative called "Building Security In" as a precursor to the current shift left movement. The hosts also humorously liken the shift left movement to a game of Frogger, suggesting that if one shifts too much to the left, they might miss the mark entirely. The discussion underscores the need for clarity and purpose when adopting the shift left philosophy, rather than just using it as a buzzword.

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel

Thanks for Listening!

  continue reading

78 episodes

Artwork
iconShare
 
Manage episode 380056173 series 3425254
Content provided by Izar Tarandach, Matt Coles, and Chris Romeo, Izar Tarandach, Matt Coles, and Chris Romeo. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Izar Tarandach, Matt Coles, and Chris Romeo, Izar Tarandach, Matt Coles, and Chris Romeo or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

The Security Table gathers to discuss the evolving landscape of application security and its potential integration with development. Chris posits that application or product security will eventually be absorbed by the development sector, eliminating the need for separate teams. One hindrance to this vision is the friction between security and engineering teams in many organizations.
Many people think that security incidents have negative implications on brand reputation and value. Izar points out that, contrary to popular belief, major security breaches, such as those experienced by Sony and MGM, do not have a lasting impact on stock prices. Chris counters this by highlighting the potential for upcoming privacy legislation in the U.S., which could shift the focus and importance of security in the corporate world.
Chris envisions a future where the security team is dissolved and its functions are absorbed across various business units. This would lead to better alignment, reduced infighting, and more efficient budget allocation. Security functions need to be placed where they can have the most significant impact, without the potential conflicts that currently exist between security teams and other business units.
The second topic of discussion is the "shift left" movement in the realm of application security. There is ambiguity and potential misuse of the term. What exactly is being shifted and from where does the shift start? The term "shift left" suggests moving security considerations earlier in the development process. However, the hosts point out that the phrase has been co-opted and weaponized for marketing purposes, often without a clear understanding of its implications. For instance, they highlight that while it's easy to claim that a product or process "shifts left," it's essential to define what is being shifted, how much, and the tangible benefits of such a shift.
Matt emphasizes the idea of not just shifting left but starting left, meaning that security considerations should begin from the requirements phase of a project. Chris mentions that the concept of shifting left isn't new and cites Joe Jarzombek's late 90s initiative called "Building Security In" as a precursor to the current shift left movement. The hosts also humorously liken the shift left movement to a game of Frogger, suggesting that if one shifts too much to the left, they might miss the mark entirely. The discussion underscores the need for clarity and purpose when adopting the shift left philosophy, rather than just using it as a buzzword.

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel

Thanks for Listening!

  continue reading

78 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Listen to this show while you explore
Play