Join Matias Madou for the interview series that brings the world's leading cybersecurity experts, educators, and academics to your living room. Chatting about all things software security, secure coding and the industry at large, it's the podcast for security enthusiasts everywhere.
UPSTREAM is a podcast for those curious about the security of the software supply chain. In each episode, host Kim Weins speaks with experts, practitioners, and thought leaders about concrete ideas and approaches to improve software supply chain security. This podcast is for everyone inside and outside the world of security. Upstream is brought to you by Anchore.
The Path to Supply Chain Security | A Chat with John Yeoh of Cloud Security Alliance
28:15
In this episode, John Yeoh, Global Vice President of Research at Cloud Security Alliance, joins hosts Kim Weins and Josh Bressers to discuss the state of security in the cloud and how to solve supply chain pain points like misconfigurations, zero trust, and transparency. They explore the need to align best practices and how the Global Security Data…
Velocity Isn’t Just for Fighter Jets | How the US Air Force Develops Secure Software
26:53
In this episode, Matt Huston, CISO of the Platform One program in the United States Air Force, joins Kim Weins and Josh Bressers to discuss how the USAF is innovating with modern DevSecOps practices while meeting exacting government standards. They dive into how software factories within the U.S. Department of Defense are leveraging the same practic…
Security as a Journey | Let's Make Better Mistakes Tomorrow
27:33
In this episode, Kim Weins and Josh Bressers engage Stephen O’Grady, co-founder and principal analyst at RedMonk, on how improving the developer experience can pay dividends for security up and down the software supply chain. By Anchore
Getting Real | Practical Uses for SBOMs Today
21:15
In this episode, Neil Levine of Anchore joins Kim Weins and Josh Bressers to discuss the power of SBOMs. They explore practical first steps for using SBOMs and how they can improve software supply chain security starting today. By Anchore
PB&J | Why SBOMS & Security Scanning Go Together
22:18
Steve Lasker of Microsoft joins the show and talks with host Kim Weins and Josh Bressers about how the software ecosystem will generate and use SBOMs. He reveals the challenge of giant SBOMs and how Microsoft is providing transparency to customers about the components in their software. By Anchore
Sleeping at Night | Talking Software Supply Chain Security with Bren Briggs
27:05
In this episode, Bren Briggs of Hypergiant joins host Kim Weins and Josh Bressers to discuss software supply chain issues that keep them up at night. They touch on SBOMs as an inventory tool, DevSecOps by definition and the practice of software supply chain management. By Anchore
On this inaugural episode of the show, veteran security leader and world-famous podcaster Josh Bressers joins host Kim Weins to discuss the log4j security vulnerability and the way forward in preparation for the next zero-day attack. By Anchore
Embedded systems software development, automotive security, and ASRG's global enthusiasts with Sven Schran
29:22
In episode 26 of Software Security Gurus, Matias Madou chats to Sven Schran, Program Manager Security Engineering, at Robert Bosch. They discuss the rapidly growing embedded systems software industry, including the general security considerations during the development lifecycle. They also go in-depth on automotive security, where technological adv…
#25: Secure by design, threat modeling, and diversity of thought in security teams with Simon Cole
28:30
In episode 25 of Software Security Gurus, Matias Madou chats to Simon Cole, Global Security Architecture & Engineering Director at dentsu. They discuss his multi-faceted experience in security architecture, including his views on what constitutes "secure by design". They also discuss threat modeling and empathy with developers, in addition to welco…
#24: Self-driving cars, automotive security modeling and integrated software with John Heldreth
34:52
In episode 24 of Software Security Gurus, Matias Madou chats to John Heldreth, founder of the automotive security organization, ASRG. They discuss taking the plunge with self-driving cars, the complexities of automotive security modeling, digital twins, and integrated software. Want to nominate a guru? Get in touch with us! www.softwaresecurityguru…
#23: Five steps to a better security culture, with Tanvi Bali
25:59
In episode 23 of the Software Security Gurus webcast, Matias sits down with Tanvi Bali, a security expert and DevSecOps specialist. They discuss her background in engineering, and the state of DevSecOps in the APAC region (including why it trails behind Europe and US). She also treats us to her personal five steps to building a positive security cu…
#22: Implementing the right internal security structure, with Julie Tsai
25:48
In episode 22 of Software Security Gurus, Matias Madou chats to Julie Tsai, Head of Information Security at Roblox. They discuss how to implement the right internal security structure, how to measure its success and quantify security risk, as well as how DevOps has evolved tactically to expand beyond tooling. Want to nominate a Guru? Get in touch: …
#21: Security culture and adding security champions to enhance your program, with Brian Levine
25:46
In episode 21 of Software Security Gurus, Matias Madou chats to Brian Levine, Senior Director, Product & Cloud Security at Axway. They discuss scaling a positive security culture and getting executive buy-in, adding security champions to enhance a program, as well as navigating an SSDLC the right way. Want to nominate a guru? Get in touch! www.soft…
#20: Why most security tools are not a cure-all for vulnerabilities, with Larry Maccherone
27:57
In episode 20 of the Software Security Gurus webcast, Matias chats to Larry Maccherone, distinguished engineer and DevSecOps transformation lead at Comcast. They discuss the impact of people and culture on a successful DevSecOps adoption, why more security tools aren't a cure-all for finding and fixing vulnerabilities, as well as a deep dive into L…
#19: Experiencing a big data breach, with Bankim Tejani
31:47
Welcome to Software Security Gurus with Matias Madou. In episode 19, he chats to Bankim Tejani, Chief Security Architect and Distinguished Engineer at the Charles Schwab Corporation. They discuss his experience with big data breaches, as well as how secure coding can speed up remediation, and drive quality, performance, and scalability. Want to nom…
#18: Distributed security culture, with Brad Senetza
21:30
Welcome to Software Security Gurus with Matias Madou. In episode 18, he chats with Brad Senetza, Security Assurance Architect at Oracle. They discuss his distributed security culture strategy, why it works, and how everyone in the SDLC can and should own security. Want to nominate a guru? Head to www.softwaresecuritygurus.com. --- Send in a voice m…
#17: The secret ingredient to a successful "shift left", with Mike Shema
22:20
Welcome to episode 17 of the Software Security Gurus webcast. In this interview, he chats with Mike Shema, Product Security at Square. They discuss his take on proactive security, and how the relationship between developers and the security team impacts this approach. They also unpack the collaborative role these teams can play, and the secret i…
#14: The OWASP AppSensor Project, with John Melton
33:54
Welcome to episode 14 of Software Security Gurus, with Matias Madou. This episode features a discussion with John Melton, Director of Product Security at NetSuite. He is also the co-leader of the visionary OWASP AppSensor Project. For more information, or to nominate a guest, please visit www.softwaresecuritygurus.com. --- Send in a voice message: …
#16: The "people over tools" approach to security, with Leif Dreizler
21:18
Welcome to episode 16 of the Software Security Gurus podcast. In this interview, he chats with Leif Dreizler, Product Security Manager at Segment. They discuss his "people over tools" security approach, his team structure, as well as the fact that at Segment, cross-site scripting and SQL injection are extinct. Want to nominate a guru? Check out www…
#15: Self-service and reducing cyber risk with Astha Singhal
16:44
Welcome to episode 15 of the Software Security Gurus webcast. In this episode, Matias chats to Astha Singhal, Director of AppSec at Netflix. They discuss Netflix's enviable culture of freedom and responsibility, and what this means for application security in her team. They also dive into the world of self-service, and the impact this can have on r…
#13: Four CISO tribes, and the changing approach to security training with Florence Mottay
19:28
Welcome to episode 13 of Software Security Gurus, with Matias Madou. In this interview, he chats with Florence Mottay, security expert and Global CISO at Ahold Delhaize. They discuss her recent win of a prestigious industry award, and how this could positively influence cybersecurity transparency at the company level, as well as her experience in s…
#12: Inspiring security awareness in developers, with Tanya Janca
17:24
In this interview, Matias chats to Tanya Janca, security rockstar and CEO of We Hack Purple. They talk about how to inspire security awareness in developers, the complexities of the AppSec space, and how we could do a tech industry detox. For more information, visit www.softwaresecuritygurus.com. We Hack Purple: https://wehackpurple.com/ --- Send i…
#11: Patrick Debois, the Godfather of DevOps
27:58
In episode 11 of Software Security Gurus, Matias chats to Patrick Debois, affectionately referred to as "the Godfather of DevOps". He is also the creator of the global conference series, DevOpsDays. For more information, visit www.softwaresecuritygurus.com. Visit DevOpsDays: https://devopsdays.org/about/ --- Send in a voice message: https://podcas…
#10: Open source and who should take responsibility for security, with Rami Sass
21:27
In this interview, he chats with Rami Sass, co-founder and CEO at WhiteSource. Unsurprisingly, they discuss all things open source security. They reflect on how open source has changed in the past ten years, the compliance implications of using open source components in software, and the disconnect that can often happen between the tech and legal d…
#9: Security issues at the SVP level, with John Stewart
34:43
In episode 9 of the Software Security Gurus webcast, Matias sits down with John Stewart, former SVP and Chief Trust & Safety Officer at Cisco. They discuss security issues at the SVP level of a large organization, as well as the role diversity plays in building an amazing team that drives businesses forward. For more information, or to nominate a g…
#8: The rise of the developer in security programs, with Guy Podjarny
28:31
Hello and welcome to episode 8 of Software Security Gurus, with Matias Madou. In this interview, he chats with Guy Podjarny, Co-Founder and President at Snyk Security. They discuss scanning tools, and the rise of the developer in security programs. He also reveals his experiences in startup, and what he looks for in a great company. For more inform…
#7: Key takeaways from attending 50 (!) conference talks, with Clint Gibler
24:21
Hello and welcome to episode 7 of Software Security Gurus, with Matias Madou. In this interview, he chats with Clint Gibler, security consultant, and owner of the TL;DR Sec blog. They discuss his love/hate relationship with static analysis and the available solutions, as well as what he learned from attending 50 conference talks. Also tune in for d…
#6: Lessons learned in the SDLC with Steve Lipner
27:14
Hello and welcome to episode 6 of Software Security Gurus, with Matias Madou. In this interview, he chats with Steve Lipner, software security expert, and founder of SAFEcode.org. They discuss his influential book, Security Development Lifecycle, and the changes seen in the fifteen years since its release. With diversity in programming languages a …
#5: The pitfalls on the quest to a thriving AppSec environment, with Fredrick "Flee" Lee
31:55
Welcome to the Software Security Gurus webcast with Matias Madou. In episode 5, Matias interviews Fredrick "Flee" Lee, a long-time cybersecurity expert and Chief Security Officer at Gusto. They discuss the potential pitfalls of a thriving AppSec environment, including efficient training, best practices, and the lack of focus on custom rule-writing.…
#4: Adopting more resilient security processes with Aaron Bedra
23:59
Welcome to episode 4 of Software Security Gurus with Matias Madou. In this interview, he chats with Aaron Bedra, senior software engineer and security industry expert. Aaron discusses his background in regulated industries, as well as his insights on protecting data from some overzealous regulators that attempt to legislate weakened encryption proc…
#3: Nurturing software engineering teams, and the future of security tooling with Dr. Brian Chess
21:49
In this interview, he chats with Dr. Brian Chess, cybersecurity expert and former Chief Scientist at Fortify Software. Together, they discuss industry shifts with Agile and DevOps, as well as the future of scanning tools and static analysis in the software development lifecycle. Dr. Chess also discusses his process when it comes to nurturing softwa…
#2: Future movements and investment trends in cybersecurity, with Dr. Chenxi Wang
25:34
Welcome to the Software Security Gurus webcast with Matias Madou. In this episode, Matias interviews Dr. Chenxi Wang, cybersecurity expert and founder of Rain Capital, a venture capital firm with a focus on cyber-related startups. They discuss everything from their shared academic backgrounds, to future movements in the security industry, including…
#1: The history, present, and future of software security with Dr. Gary McGraw
27:04
Welcome to the Software Security Gurus webcast with Matias Madou. In this inaugural episode, Matias interviews Dr. Gary McGraw, one of the godfathers of software security and founder of the Berryville Institute of Machine Learning. They discuss the history, present, and future of software security, as well as how these principles may apply to the n…