Future of Application Security

In this episode of the Future of Application Security podcast, Harshil interviews Felix Matenaar, Head of Product Security at Asana. Felix shares insights into his journey from Germany to Silicon Valley, where he transitioned from mobile security to leading Asana's product security efforts.

The conversation highlights Felix's experience in creating security frameworks that eliminate vulnerabilities by building secure product lifecy...

In this episode of the Future of Application Security, Harshil speaks with Steve Lukose, Vice President of Security at Clari, about how security is becoming a business enabler rather than just an organization. 

Steve explains why SLAs will become one of the benchmarks for security experts to use, but that it won’t necessarily be for all aspects of security. Still, they’ll be a great tool to help security organizations plan ahead fo...

In this episode of the Future of Application Security, Harshil speaks with Aruneesh Salhotra, CEO and Fractional CISO, SNM Consulting Inc. They discuss the unique challenges and opportunities of application security in the financial sector, including how the "necessary evil" of regulations is increasing accountability around security efforts. They also talk about the need for more vigilant software supply chain security, two better...

In this episode of the Future of Application Security, Harshil speaks with Christine Gadsby, VP, Product Security at BlackBerry, a software company specializing in cybersecurity. They discuss the new initiatives driving software transparency, like SBOMs and VEX, and how adoption will not only come from regulations but from companies holding their software suppliers more accountable. They also talk about the need for better telemetr...

In this episode of the Future of Application Security, Harshil speaks with Chad Girouard, AVP Application Security at LPL Financial, a provider of investment and business solutions. They discuss how security teams can better engage with developers, and how they can encourage secure coding through scanning tools and security champion programs. They also talk about how to manage the "results deluge" with single-pane-of-glass tools, h...

In this episode of the Future of Application Security, Harshil speaks with Dave Ferguson, Director of Technical Product Management, Software Supply Chain Security at ReversingLabs, which offers software supply chain security analysis platform. They discuss the rising need for software supply chain security as a result of the complexities around how software is built today. They also talk about ways to identify novel attacks through...

In this episode of the Future of Application Security, Harshil speaks with Curtis Koenig, Head of Application Security at Gen, a multinational software company that provides cybersecurity software and services. They discuss why it's key to be able to articulate why security matters and how it impacts business goals, and what Curtis has learned about how different industries approach risk. They also talk about how security can help ...

In this episode of the Future of Application Security, Harshil speaks with Arthur Loris, Senior Manager, Product Security at Ping Identity, a company that provides self-hosted identity access management (IAM) solutions. They discuss what product security constitutes at Ping Identity, the biggest challenge to great product security, and how security teams need more strategic, tactical plans to achieve their goals. They also talk abo...

In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with James Wickett, co-founder and CEO of DryRun Security, a company that provides security products for developers. They discuss the misaligned incentives between developers and security and how teams can learn how to speak the same language to increase value. They also talk about how the SLIDE Mode...

In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with Colleen Dai, Senior Security Researcher at Semgrep, an open source static analysis tool. They discuss strategies security teams can take to reduce false positives, use secure defaults to eliminate bug classes, and reduce complexity in security decision-making. They also talk about ways to build ...

In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with Johnathan Kuskos, Founder of Chaotic Good Information Security, a boutique professional services company. They discuss what it's like to be a pen tester, some of the unusual things found during testing, and how the 15 Minutes Rule helps you not waste time during your testing. They also talk abou...

In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with Jim Manico, Founder and CEO of Manicode Security, a secure coding education firm. They discuss the various challenges around certain items on the OWASP Top Ten list, including server side request forgery and access control, and how security and developers can partner for better logging and alert...

In this episode of the Future of Application Security, Harshil speaks with Madjid Nakhjiri, Head of Product Security and Lead Security Architect at TuSimple, a global autonomous driving technology company. They discuss the current landscape of automotive security today, why the industry is expanding its safety initiatives to cyber security initiatives, and the standards rising up to ensure that security. They also discuss the chall...

In this episode of the Future of Application Security, Harshil speaks with David Kosorok, Director of AppSec at Toast, a restaurant point of sale and management system. They discuss how to build an application security program from the ground up by prioritizing initiatives, establishing security champions, and bringing in great people — and why gathering and analyzing good data is the foundation to it all. They also discuss how to ...

In this episode of the Future of Application Security, Harshil speaks with Tim Kelly, Director, Security Engineering at Workrise, a technology company with a platform that supports the energy workforce. They discuss the importance of collecting, storing, and analyzing data in order to enhance application security efforts, and how to go about building a data program that does that. They also discuss the ways in which you can use dat...

In this episode of the Future of Application Security, Harshil speaks with Derek Samford, Senior Director of Product Security at Avalara, a company that builds cloud-based tax compliance solutions. They discuss Derek's approach to product security, including how his team uses data to drive visibility, how feedback loops can build maturity, and how they create application grade cards that inform remediation efforts. They also discus...

In this episode of the Future of Application Security, Harshil speaks with Jacob Salassi, Director, Product Security at Snowflake, a cloud computing and data management company. They discuss how Snowflake approaches product security — from what they expect engineers and developers to do, to their risk-based reporting — and why Jacob takes a scientific approach to it. They also discuss how Jacob's team creates property graphs to bet...

In this episode of the Future of Application Security, Harshil speaks with Helen Oakley, Lead Architect for Software Supply Chain Security at SAP, which develops enterprise software for business operations. They discuss the need for software supply chain security, especially considering how much of software is open source today, and what the current state of adoption is across industries. They also discuss how you can optimize SBOM...

In this episode of the Future of Application Security, Harshil speaks with Steve Springett. They discuss the broad definition of what software supply chain security is, the implementation of SBOMs after the White House's Executive Order, and how organizations can effectively adopt, operationalize, and use SBOMs. They also discuss the biggest drivers for better software supply chain security, why you need to manage more than just vu...