Building a cybersecurity program is complicated. Building one that is equipped to truly enable the organization it serves is another thing altogether. Robert Wood from Sidekick Security interviews security leaders from a diverse set of organizations to talk about program transformations. From team design, technology, compliance versus security, and strategic leadership, learn about how to lead a program transformation of your own from people who have gone through it before.
All content for Security Program Transformation Podcast is the property of Sidekick Security and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
From DMZs to DevSecOps: Building Modern AppSec Programs with Gunnar Peterson
Security Program Transformation Podcast
1 hour 15 minutes
9 months ago
In this conversation, Robert Wood and Gunnar Peterson delve into the complexities of application security (AppSec), discussing its evolution, the importance of building effective AppSec programs, and the need for engaging developers in security practices. They explore the blurred lines between cloud security and application security, the role of posture management tools, and the significance of an asset-centric approach to security. Gunnar emphasizes the importance of understanding key use cases and platforms within an organization, as well as the need for security professionals to broaden their skill sets to navigate the changing landscape of cybersecurity effectively.
Takeaways
Application security is evolving, requiring a focus on both technology and human factors.
Understanding the organization's current state is crucial for building an effective AppSec program.
Coverage and efficacy are key metrics for assessing AppSec initiatives.
Engaging developers is essential for successful security practices.
In larger organizations, security efforts can become check-the-box activities.
The lines between cloud security and application security are increasingly blurred.
Posture management tools are emerging to address skill gaps in AppSec.
An asset-centric approach to security is gaining traction in the industry.
New security professionals should prioritize understanding key business use cases.
The future of security will require blending traditional practices with new technologies.
Sound Bites
"Good judgment comes from experience."
"You have to have the humility to recognize."
Chapters
00:00 Introduction to Application Security and Its Evolution
02:59 Building an Effect...