))
From DMZs to DevSecOps: Building Modern AppSec Programs with Gunnar Peterson
Manage episode 461219658 series 3603368
محتوای ارائه شده توسط Robert Wood and Sidekick Security. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Robert Wood and Sidekick Security یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
In this conversation, Robert Wood and Gunnar Peterson delve into the complexities of application security (AppSec), discussing its evolution, the importance of building effective AppSec programs, and the need for engaging developers in security practices. They explore the blurred lines between cloud security and application security, the role of posture management tools, and the significance of an asset-centric approach to security. Gunnar emphasizes the importance of understanding key use cases and platforms within an organization, as well as the need for security professionals to broaden their skill sets to navigate the changing landscape of cybersecurity effectively.
Takeaways
- Application security is evolving, requiring a focus on both technology and human factors.
- Understanding the organization's current state is crucial for building an effective AppSec program.
- Coverage and efficacy are key metrics for assessing AppSec initiatives.
- Engaging developers is essential for successful security practices.
- In larger organizations, security efforts can become check-the-box activities.
- The lines between cloud security and application security are increasingly blurred.
- Posture management tools are emerging to address skill gaps in AppSec.
- An asset-centric approach to security is gaining traction in the industry.
- New security professionals should prioritize understanding key business use cases.
- The future of security will require blending traditional practices with new technologies.
Sound Bites
- "Good judgment comes from experience."
- "You have to have the humility to recognize."
Chapters
00:00 Introduction to Application Security and Its Evolution
02:59. Building an Effective AppSec Program
05:51. Understanding Coverage and Efficacy in AppSec
08:58. Engaging Developers in Security Practices
11:52. Navigating Federated Environments in Security
14:55. The Blurred Lines Between Cloud and Application Security
17:46. The Role of Posture Management Tools in AppSec
21:10. The Importance of Asset-Centric Security
23:55. Advice for New Security Professionals
26:45. Final Thoughts and Future Trends in Security
4 قسمت
اشتراک گذاری
