This episode of Code to Cloud features a discussion with the EY Consulting Partner in Cybersecurity, Koen Machilsen. There, Koen is responsible for delivery and innovation of the EY Consulting Cybersecurity and privacy service offering, and has been with the company for over 16 years. Prior to joining EY, Koen held various roles in IT operations. Koen and host Tim Chase, Global Field CISO at Lacework, discuss the significance of integrating cybersecurity into business resilience strategies. The conversation covers how to respond to cybersecurity incidents, the importance of preparation and regular training, and the necessity of understanding business impact when developing cyber crisis management plans. They also delve into the European Union’s NIS2 and Cyber Resilience Act regulations, explaining how they aim to enhance cyber resilience across organizations by mandating stringent cybersecurity practices and reporting requirements. The discussion underscores the need for local transpositions of these directives and the challenges they introduce. Finally, they emphasize the importance of cyber resilience as an integral part of overall business resilience in the digital age.

This episode of Code to Cloud features a discussion with the Global CISO at Church and Dwight Co., the parent company of brands like Arm & Hammer and OxiClean. And at Church & Dwight Co., David transformed the global enterprise-wide information security program key areas of strategy, risk management, and compliance, among others. Prior to joining the company in 2020, David spent over 22 years in security at Bed, Bath & Beyond. David and host Andy Schneider, Field CISO EMEA at Lacework, discuss the primary cyber threats facing the manufacturing sector, with a specific focus on ransomware, and the strategies utilized by Church & Dwight to mitigate these threats, including a robust third-party vendor assessment process. Ortiz highlights the importance of adaptability in cybersecurity, the role of leadership qualities such as empathy, accountability, and urgency, and underscores the significance of identity management, preparedness, and swift response in enhancing cyber resilience. The conversation also covers the benefits and considerations of moving services to the cloud, reflecting on the necessity of collaboration between cybersecurity teams, manufacturing units, and other stakeholders to safeguard against an ever-changing threat landscape.

This episode of Code to Cloud features a discussion with Immuta's CISO, Mike Scott, and Co-Founder and CTO, Steve Touw, hosted by Andy Schneider, Field CISO EMEA at Lacework. Mike is a highly experienced and accomplished leader in information and data security, real-time analysis of immediate threats, and IT and infrastructure designs. And Steve is known for his data science work with US Special Operations Command and the US Intelligence Community. The conversation centers around the importance of a 'shift left' culture in software development, emphasizing security from the start of the development process. Both guests share how this approach has enabled Immuta to move to a SaaS model, deliver features and security fixes more rapidly, and foster a strong security culture by bringing the CISO and CTO teams closer together. Practical insights include the adoption of communication tools like Slack, the significance of automation in maintaining a rapid release cadence, and the importance of understanding employee communication styles using the DISC assessment. The discussion also touches on overcoming conflicts and the critical role of setting realistic goals in achieving security and compliance milestones.

This episode features an interview with Jenny Brinkley. Jenny is Director of Amazon Security at AWS. Prior to joining Amazon, she co-founded an artificial intelligence start-up called Harvest.ai focused on protecting highly sensitive data using behavior analytics to prevent data loss. Harvest.ai was then acquired by AWS in April 2016. Jenny has also been awarded a few patents focused on data loss prevention and the right to be digitally forgotten. And on this episode, Jenny and host Tim Chase discuss the value of personal data, the importance of security at the executive level, and diversification of the workforce.

This episode features an interview with Sean Wright. Sean is Head of Application Security at Featurespace, the world leader in Enterprise Financial Crime prevention for fraud and Anti-Money Laundering. He is an experienced application security engineer, having started his career as a software developer. His expertise is in web based application security with a special interest in TLS related subjects. And on this episode, Sean and host Andy Schneider discuss navigating AppSec in the cloud age, finding and leveraging security champions, and Sean’s take on open source as it relates to supply chain risks with third party software libraries.

This episode features an interview with Jeff DeVerter, Chief Technology Evangelist managed cloud computing company Rackspace. He has over 25 years of experience in IT and technology, and has worked at Rackspace Technology since 2008. Over his career, Jeff has helped companies like American Express, Ralph Lauren, and Thomson Reuters create and execute against multi-year digital transformation strategies. And on this episode, Jeff and host Tim Chase discuss how to navigate an excessive amount of data due to the popular use of AI, why security by obscurity is ineffective, and aligning day-to-day security duties with business goals.

This episode features an interview with Dr. Kevin Tham. Kevin is a CISO leader in the Australian Digital Banking sector and a seasoned information security veteran in the financial services industry. Most recently, he served as CISO at etika, a purpose-driven lender. And on this episode, Kevin and host Tim Chase discuss cryptography including how it’s changed over the last 25 years, and how quantum computing and AI will affect it. They also discuss handling cybersecurity incidents from first steps to when to notify the board.

This episode features an interview with Frank Wang, Lead Security Engineer at Headway, a new mental healthcare system that works to remove historic barriers faced by mental health providers, payers, and patients. Previously, Frank served as staff security engineer and the first hire in that function at dbt Labs. He has also dabbled in venture capital and academia. He holds a PhD from MIT focused on security and cryptography and a B.S. in computer science from Stanford. And on this episode, Frank and host Tim Chase discuss the benefits of on prem versus cloud storage, why getting complete visibility of the cloud is unlikely, and why partnering with engineers is critical to successful cybersecurity.

In Season 2, you’ll hear from guests at companies like AWS, Headway and Rackspace as they bring you insights on the latest in cloud security. Hosts Tim Chase and Andy Schneider are talking with top CISOs and cybersecurity leaders about industry trends and challenges. What are their top priorities? What tools and techniques are they using to stay ahead of the curve? And how are they shifting left? We’re answering all of these questions and more. So keep an eye on your podcast player of choice for new episodes launching in the new year.

This episode we’re looking back at some highlights from past guests. Host Tim Chase is sharing quotes from leaders at companies like Okta, Deloitte and Deepwatch on security as a business enabler, leadership in cybersecurity, and what it takes to be successful in the modern security landscape.

This episode features an interview with Kelly Haydu. Kelly is Vice President of Information Security and Technology at CarGurus, the most visited automotive shopping site in the US. Prior to CarGurus, she served as Senior Director of InfoSec at Salsify. Before her tenure in the security space, Kelly worked in Quality Assurance including lead automation roles across markets and verticals. On this episode, Kelly and host Tim Chase discuss sources for keeping up on the latest privacy laws, why there isn’t a national privacy law in the U.S., the benefits of micro training and more.

This episode features an interview with Sebastien Jeanquier, Chief Security Officer at Upvest, a fintech startup that empowers other fintechs to provide their customers with seamless, reliable and secure access to the full range of investment opportunities. Sebastien has over 15 years of experience including security advisory consulting, penetration testing and incident management. On this episode, Sebastien and host Tim Chase discuss how to strike the perfect balance of functionality, process and education to build a security-first fintech ecosystem, what it means to take a bottom-up approach, and how to treat security as a first-class citizen.

This episode features an interview with Emily Mossburg, Global Cyber Leader at Deloitte, a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax, and related services. She has more than 20 years of experience across both federal and private sectors in developing strategy and programs, and implementing technical solutions to manage cyber and associated risk, information security, data protection and privacy. And on this episode, Emily and host Tim Chase discuss the benefits of cyber spend on business outcomes, how the role of the CISO has expanded as the cybersecurity industry has matured, and how to appeal to a diverse set of candidates when hiring.

This episode features an interview with Bill Dougherty, CISO at Omada Health, a virtual-first, integrated care provider combining the latest clinical protocols with breakthrough behavior science to make it possible for people with chronic conditions to achieve long-term improvements in their health. Bill brings with him over 25 years of experience in IT and security at such companies as RagingWire, StubHub and Copart. And on this episode, Bill and host Tim Chase discuss the ins and outs of threat modeling, the cybersecurity basics every security leader should revisit, and why every IT or security leader should have another expertise within the business.

This episode features an interview with Craig Riddell, Field CISO at Netwrix Corporation, a provider of data security solutions for on-premises, hybrid, and cloud infrastructures. Craig is also a multiple award-winning Director and Strategist in Identity and Access Management. Previously, Craig served as Director of Identity and Access Management at HP. He brings a wealth of knowledge and experience around modernizing identity solutions while reducing costs and improving security. On this episode, host Tim Chase and Craig discuss managing third party permissions, how your tools are only as good as your implementation of them, and why a single daily identity authentication isn’t enough.

This episode features an interview with Wes Mullins, Chief Technology Officer at Deepwatch, Deepwatch's innovative cloud platform and borderless SOC extends their customers’ cybersecurity teams and proactively protects their brand, reputation and digital assets. Wes has nearly 20 years of industry experience, having started his career as a developer, then working in networking and finally cybersecurity. Prior to Deepwatch, Wes was the VP of Global Cyber at Nielsen. On this episode, host Tim Chase and Wes discuss the factors he considers when selecting potential partners - and how they got a partnership with AWS - why you shouldn’t try to sell anything during the first customer engagement, and the one most important quality in a new hire.

This episode features an interview with Terry O’Daniel, Acting Head of Security at Amplitude. Amplitude is a product analytics platform that helps businesses to track visitors with the help of collaborative analytics. Terry joined the company in October of 2022 as Head of GRC. Prior to Amplitude, he led Governance, Risk, and Compliance within Infrastructure Engineering at Instacart. On this episode, Terry and host Tim Chase discuss the failed promise of DevSecOps, aligning with business objectives, and how to translate security into dollars.

This episode features an interview with Alberto Silveira, Head of Engineering at LawnStarter, a marketplace for outdoor home services. He has more than 20 years of experience in software development, having served in leadership positions at companies like OnDeck, Amplify, and Kaplan. He’s also an author, and his book, Building and Managing High-Performance Distributed Teams is out now. On this episode, Alberto and host Tim Chase discuss organizing teams around the shared purpose of driving the business forward, infusing good security practices throughout the organization, and how to deliver more than just “security theater.”

This episode features an interview with Fractional-CISO Aruneesh Salhotra. Aruneesh brings with him 22 years of experience across development, DevSecOps, security, containerization and more. He is also an award-winning presenter, panelist, and author. On this episode, Aruneesh and host Andy Schneider discuss protecting IP source code, what solution to pick based on your integrations, how he’s helping companies shift left, and much more.

This episode features an interview with Billy Spears, CISO at Teradata. Teradata is the connected multi-cloud data platform for enterprise analytics, solving data challenges from start to scale. Billy has more than 25 years of industry experience. He is an award-winning technology executive, author, speaker, and podcast host. He is also an adjunct professor of cybersecurity at Webster University. Prior to joining Teradata, Billy served as CISO at Alteryx. On this episode, Billy and host Andy Schneider discuss harnessing AI for better business intelligence while managing the risk posed by it, the push and pull of growing trust, and how to use security to drive the business forward.