[00:01:05] Guy Podjarny: Hello everyone. Welcome back to The Secure Developer. I’m Guy Podjarny, the founder of Snyk and your host, as always. Today, we have a very special episode. Amazingly, this is the 100th episode of the podcast, which I find mind blowing. I mean, I started this podcast, really with the intent to bring some of the sharing mentality that really played a key role in DevOps, moving it forward and helping understand that failure is an option. I tried to bring some of that mentality to the security world, which really doesn’t have enough of it, doesn’t really have enough opportunities for people to share their learnings and help all of us avoid the same mistakes.
Really, the intent was to create a stage for security practitioners, security leaders to come in and share, share their learnings, share their practices, their perspectives, and philosophies. This way, we can all get better by learning from each other, just advance the state of the art. It was a bit of a bet, it’s really quite scary to share and open up around your approach to security and how you’re tackling it. It’s, it’s easy to think that if you tell people how you defend and how you secure, then attackers will use that against you and find the flaws, but if we don’t share that way, then we’re all learning on our own and we don’t really progress nearly as much as a community, as an industry.
So, I find it really important and this makes me even more appreciative of all these great, smart folks that came on the show, and shared and shared a ton. For me, it’s that, frankly, it’s a treat to just have this excuse to get airtime with these smart people. I get to ask them the questions that I find interesting and I learned so much from every one of these episodes. It’s amazing. Then to top that up with the fact that there’s this big and growing community of developers and security practitioners and leaders, again, who are eager to learn and tune in to the podcast, all of you listeners coming in, that just makes it a true privilege to host this show to serve all of your listeners and to meet all these great people coming as guests.
So, I’d like to start this 100th episode with just a big thank you. Thank you to the guests who really put in and invest the time to help all of us get better. A huge thanks to you, the listeners. Really, I find that you help us, as a community, you help us advance the state of the art in security and you help us make security more inclusive, more developer minded, more scalable, and at the end of the day that contributes to the industry and contributes to our digital lives to embed security into this modern technology world.
Lastly, I’d like to also personally thank a person that is behind the scenes running this podcast. So you don’t hear her name, but Sam Hepburn is the person, you sometimes hear in intros and promos and she behind the scenes has been running this podcast for a good while and plays a huge role in making the podcast what it is today and DevSecCon, as a community that she doesn’t get episode of airtime or recognition. Sam, huge thanks for making the podcast happen and for all this other great work you do. You’re amazing. Keep it up.
Lastly, before I veer into the episode itself, I’d like to make a small ask of all of you listeners, as we grow the podcast, we’d love to hear from you, your topics what is it that you want to hear us cover on the podcast. Your guests, who would you like to see on the show? Format, are the episodes too short? Are they too long? Do we want to try and do you like the mixes? Do you like only having individual guests? Those are super, super helpful when we get this type of feedback. I would love any bits of advice or opinions, or just thumbs up, thumbs downs on capabilities. If you have such thoughts, please share those with us on the firstname.lastname@example.org. We also have a shortcut which is email@example.com. So, we really do want to hear from you, please share.
With that, let’s switch into the podcast itself this episode. For this 100th episode, we’re doing something a bit different instead of having a guest, we’re actually collecting some wisdom from past guests. If you’ve been following the podcast, you would know that for really about 80 or so episodes, I always concluded episodes by asking the guests for one bit of advice. The question is typically something like, if you have one bit of advice to share with a team looking to level up their security fu, what would that be?
I like that question, because it’s open ended, because people take it in many, many different directions. I don’t give guests further guidance on what they should talk about. So, people really take it in different paths, and it’s very inspiring, really allows for creativity. So, what we’ve done for this episode is that we’ve picked a subset, a subset of this ton of great advice, we couldn’t really cover all of it. So, we picked a few highlights, and we grouped them together a little bit, to help see them, when themes recur and we collected them in this episode to hear it.
If you want to hear all of the advice, you’re going to have to go back and re-listen to all those episodes, but hopefully, this one gives you a bit of a concise view on some creative thinking of how to level up your security fu. With that, let’s get to it and here’s some of this collective wisdom from our past guests.
Before I introduce a specific topic, it’s worth noting, that I will mention a person’s name and the company that they worked at, at the time of the episode. So, some of these episodes happened a while ago, a bunch of these folks that work at different companies. So, just to avoid confusion, I’m referring to the companies that they were at when they gave that advice for the best context.
The first bits of advice come around focusing on the threats you’re actually facing. We have Kelly from Capsule8, Steve White, from Pivotal VMware. Shannon Lietz from Intuit. Talk a little bit about how do you really choose what to focus on first?
[00:08:45] Guy Podjarny: So, those great advice around focusing on threats that actually apply to your specific surrounding. Sometimes you can have a few too many of those types of threats. The next couple of bits coming from Brandon at Toast, and from Vandana, who is an old board member, talk a little bit about not boiling the ocean, and trying to manage your load. Let’s hear Brandon and Vandana.
[00:10:42] Guy Podjarny: Great, a couple of more great bits of advices, maybe just a bit of a plug that Vandana, now joined Snyk and we’re very, very happy to have her. Cool. So, we talked about focusing on those threats that you face, we talked about how you’re not boiling the ocean, and then maybe a bit of advice about how do you implement, which really focus around automation. So, we’ve got Zach from One Medical, we’ve got Ryan Ware from Intel and then we’ve got Kyle Randolph, who was at Optimizely, and actually came on to the episode twice, on to this podcast show twice, talking a little bit about the importance of automation. Let’s hear them out.
[00:13:48] Guy Podjarny: Cool. So, hopefully this was some useful advice around to focus on your priorities. Where you put in the investment, how do you implement it. Let’s switch a little bit to people clearly all of these great practices you need the actual people that are able to implement them. There was a lot of emphasis on people in the various bits of advice that we have. Here are three bits of advice, talking about the importance of diverse sets of skills within your team. We’re going to hear from Michael Hanley, who was at Duo/Cisco, Geoff, who at the time was at Slack and recently came on as of LinkedIn onto the show. We’ve got Sacha Faust, who was at Lyft and then Amazon, coming on to the show. Let’s hear them out talking about team diversity.
[00:17:24] Guy Podjarny: Very cool. I hope those bits convinced you that you really should invest in different skills, different competencies within your tool. Your team is important, but investing in yourself is also really important. That was another chunk or recurring theme, these advices just think about and how do you always be learning. So, we’re going to hear Roland Cloutier, who’s the CISO of ADP at the time, and we’ve got Stu Hirst, who was at Just Eat, and Sara Dunnack from Envision, let’s hear them talk about personal growth and about investing in yourself.
[00:20:22] Guy Podjarny: Awesome. So, we had five different categories that hopefully, we’re already showing some diverse wisdom in how you should level up your security. The next one, we’ll talk about your team or yourself, but more about all those people that we are supporting. Maybe this was the biggest theme across the podcast is really this notion of collaboration and empowerment. So, the next actually put in five bits of advice, because this was such a recurring theme, talk about how do you collaborate with the rest of the organization.
We’re going to have Andy from Pinterest, talk about his view. We’ve got Wendy from Experian. We’ve got Leif and Eric who are at Segment, running the program over there. Then we’ve got Liran Tal, who is our very own here at Snyk Developer Relations Lead, talk about his views. Then lastly, in this section, we have Francois Raynaud, who really started DevSecCon and is a big committee person talking about how to make security more inclusive and collaborate with others. Let’s hear from these five great people around collaborating with the rest of the org and then empowering others.
[00:25:25] Guy Podjarny: To finish off, we’re going to end on a positive note. We have four bits of advice, focusing on keeping a positive attitude on thinking about security, not just as this downer and risk reduction, but also, it’s something that can help you out. We’re going to hear from Alyssa, who at the time was our security advocate here at Snyk. We’re going to hear from Julie Tsai who was at Rubric, Andy Ellis, who’s a bit of a legendary CISO of Akamai. Tad Whitaker from CircleCI, let’s hear them all talking about taking a positive spin on security.
[00:30:12] Guy Podjarny: With that, that’s the conclusion of our 100th episode. I want to just quickly repeat a huge thank you to all of you who make this happen. Also repeats the say, if you like this format, other formats, any thoughts you have, please email us at firstname.lastname@example.org, we’d love to hear from you. That’s it for today. Thanks for tuning in. I hope you join us for the next one.
[00:30:39] ANNOUNCER: Thanks for listening to The Secure Developer. That’s all we have time for today. To find additional episodes and full transcriptions, visit thesecuredeveloper.com. If you’d like to be a guest on the show, or get involved in the community, find us on Twitter at @devseccon. Don’t forget to leave us a review on iTunes if you enjoyed today’s episode.
Bye for now.