
Today's episode features Luís Fontes, who, after five years working with various technologies as a full-stack developer, transitioned to the AppSec world. Luís worked as an AppSec engineer at major companies like Checkmarx and then moved to IOVLabs (RSK) and the cryptocurrency space. Nowadays, Luís works at Xapo, a crypto bank, and is an expert in both product security and blockchain security.
In today’s conversation, Luís explains why he believes we still lack clear guidance on how to build and manage effective security programs, and how he decided to create a guide to address this issue.
He also shares insights into the complexities of blockchain security and the importance of understanding business logic. Plus, we’ll discuss why he thinks SBOMs are overrated.
Dive right in!
Luís's guide: https://luisfontes19.github.io/orgsec-guide/index.html