Let's Talk AppSecOps

Let's Talk AppSecOps

Agile DevOps, Cloud Deployment, Microservices, and Open Source have all dramatically accelerated application delivery and complexity. Today’s AppSec teams, outnumbered by as much as 100:1 by developers, depend on a collection of point security products and siloed manual processes. This leaves them struggling to gain the visibility, insight, and process scale they need to identify and protect the always changing and growing application risk surface. This resulting AppSec Chaos means applications ship fast without the assurance of shipping securely, leaving the organization at risk of breaches and losses. Welcome to the Let's Talk AppSecOps show, where we bring discussions with security thought leaders and practitioners and software development minds from leading enterprises to talk about their concerns, case studies, and best practices in operationalizing application security. This show is hosted by ArmorCode experts. It talks about how security and development teams can work together and implement practical security measures. Mark Lambert is a AppSecOps Evangelist and VP of Products at ArmorCode, breaking down the communication barrier between Developers and Security experts to help organizations adopt and scale security practices within their development teams. Mark is passionate about applying technology innovations to solving real world business problems. For the last 20 years, he has been working with the world's leading brands to streamline the delivery of secure, reliable and compliant software applications across Enterprise IT and Embedded/IoT markets.Mark has been invited to speak at numerous industry events, and been published in industry media. Luis is a Senior Solutions Engineer at ArmorCode and he comes from a background that includes names big and small. His technical skills have been forged in the fires of prospects and clients alike. Luis's diverse skill set includes the ability to explain technology to non-technical audiences, set up a “pizza box” in a freezer, cook a perfect elk steak over a mesquite-fueled grill, and spend late nights in a war-room! His plethora of application security skills and ability to social engineer the feathers off an owl, serves him well as our Senior Solutions Engineer! Nikhil Gupta is co-founder and CEO of ArmorCode. He is a successful serial entrepreneur with more than 25 years of experience. Prior to founding ArmorCode, Nikhil was CEO and Co-founder of Avid Secure which was acquired by Sophos. Avid Secure built a marketing-led AI-powered multi-cloud security and compliance platform. Nikhil has held several leadership positions in VMWare, Cisco, ForeScout, Ericsson (joined through the acquisition of Entrisphere), Alcatel, And Bell Labs. Nikhil holds an MBA from Columbia Business School and BS and MS in Computer Science. LingRaj Patil is the Head of Marketing at ArmorCode and a renowned speaker and business growth leader with 20+ years of experience spanning engineering and marketing in Seed, Series A/B/C/D, Unicorn, and Fortune 500 companies. He is a guest speaker on Marketing and Entrepreneurial Strategy at Stanford University. He has a passion for building communities that bring thought leaders and practitioners together to rally around the challenges and opportunities they present. He is also the Executive Chair of the Purple Book Community, a community of software security leaders who are on a mission to build more secure software. Let this show be your guide to hearing inspiring stories of leaders building secure software against odds, hearing insightful case studies, and getting to know more about the leaders who make it all happen. With the software demand increasing nonstop, now is the right time to tune in. Find show episodes at www.armorcode.com/lets-talk-appsecops.

Episodes

November 3, 2022 6 mins

Developers don't want to be slowed down, but security teams don't want development speed driving AppSec posture off a cliff. The compromise: security guardrails instead of release gates. With a basis of mutual trust that only critical findings will be sent for remediation and all critical findings will be remediated, friction between teams can be mitigated. Avoiding alert fatigue is one thing both security and developer talent can ...

Mark as Played

Prioritizing threat/vulnerability findings takes thought, a satellite cam, and a microscope if you don't have an AppSecOps platform at work. There's a lot to consider: criticality variance across tools (they don't come normalized out of the box), threat intelligence on CVEs, and tool/technique weight factors, for starters.


A major concept is the context around the app/sub-app/module associated with a finding. The software's depe...

Mark as Played

Vulnerability Management looks different from business to business. What qualifies a risk as acceptable or not? When should confirmed vulns be fixed by? Perhaps most distressingly, how do we know when vulnerability has actually been remediated? Luis Guzmán talks about the different aspects of vulnerability and its most common musts:


  • Read more
Mark as Played
October 6, 2022 5 mins

It's a common misconception that the first step to building an application security program is sorting out the tooling. In reality, security tools translate well, and most early-game head-scratching will center on process. It helps to start small: SCA (source composition analysis) being an un-intensive and non-invasive first measure is a great launch point. This is not only due to the great availability of SCA tools, but also becau...

Mark as Played
October 6, 2022 8 mins

A short release cycle has myriad benefits: faster delivery to market for new functionalities, and swiftly-improving accuracy toward goals (what we call Agile) chief among them. And from a security perspective, a quick reaction time to zero-day threats thanks to a well-oiled assembly line is invaluable. But, of course, there are drawbacks: like a lack of cohesion and communication between security and dev...

Mark as Played
October 6, 2022 4 mins

The SBOM Movement has gained huge attention in just half a year. Whether as an external dependency of a developing product or a mission-critical tech stack component, inbound software has provenance (and often, vulnerabilities) that need to be reported for security downstream. US and foreign government support, as well as executive action, have done so much to stir awareness of these supporting docs. Man...

Mark as Played

The State of AppSecOps Report found "reducing developer friction" was a top 3 priority for security leaders. A common contributor is the volleying of security responsibilities, especially with infrastructure-as-code—a gray area that often has security and dev teams pointing fingers. To get willing collaboration, security teams need to practice carrot tactics and better understand the expectations and environments their developers a...

Mark as Played

The transition from all-hardware to mostly-digital assets has complicated and decentralized the job of security. Cloud and container apps and infrastructure-as-code are examples of innovations whose security requirements will span multiple desks, as the role of the cybersecurity do-it-all becomes a relic of the past—even for smaller organizations.


About ArmorCode


We develop, sell, and deliver the world’s first and leading App...

Mark as Played

Popular Podcasts

    Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.

    Math & Magic: Stories from the Frontiers of Marketing with Bob Pittman

    How do the smartest marketers and business entrepreneurs cut through the noise? And how do they manage to do it again and again? It's a combination of math—the strategy and analytics—and magic, the creative spark. Join iHeartMedia Chairman and CEO Bob Pittman as he analyzes the Math and Magic of marketing—sitting down with today's most gifted disruptors and compelling storytellers.

    Crime Junkie

    If you can never get enough true crime... Congratulations, you’ve found your people.

    Stuff You Should Know

    If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.

    New Heights with Jason and Travis Kelce

    Football’s funniest family duo — Jason Kelce from the Philadelphia Eagles and Travis Kelce from the Kansas City Chiefs — team up to provide next-level access to life in the league as it unfolds. The two brothers and Super Bowl champions drop weekly insights about their games and share unique perspectives on trending NFL news and sports headlines. Plus, entertaining stories from a combined 21 years in the league, off-field interests, and engaging conversations with special guests. Watch and listen to new episodes every Wednesday during the NFL season & check us out on Instagram, Twitter and Tiktok for all the best moments from the show.

Advertise With Us
Music, radio and podcasts, all free. Listen online or download the iHeart App.

Connect

© 2024 iHeartMedia, Inc.