Contextualize Prioritize and ACT ON RISK
Login
Get Access
Demo

Podcasts

CSCP S4EP05 – Christian Ghigliotty – product security and effective application security programs

Dive into the world of application security with Chris Ghigliotty on the Cyber Security and Cloud Podcast. Explore effective communication, developer training, and ROI in security programs. Join us for insights into making complex security concepts accessible and driving business engagement in cybersecurity. Sponsored by Phoenix Security. #CyberSecurityPodcast #ApplicationSecurity

CSCP S4EP05 – Christian Ghigliotty – product security and effective application security programs

Phoenix Security
Phoenix Security
CSCP S4EP05 - Christian Ghigliotty - product security and effective application security programs
Loading
/
Download File
Play in new window

CSCP S4EP05 – Christian Ghigliotty – product security and effective application security programs

Phoenix Security
Phoenix Security
CSCP S4EP05 - Christian Ghigliotty - product security and effective application security programs
Loading
/

Notes

Phoenix Security
Phoenix Security
CSCP S4EP05 - Christian Ghigliotty - product security and effective application security programs
Loading
/
Application Security Cybersecurity Podcast Security Engineering Developer Training in Security Cybersecurity Communication Security Posture Management Strategic Security Investments Chris Ghigliotty Cybersecurity Insights Security Program ROI Effective Cybersecurity Narratives Security in Cloud Computing Cybersecurity for Developers Organizational Security Strategies Cybersecurity Leadership

 

Get ready to embark on a captivating journey into the world of application security with our guest, Chris Ghigliotty, Director of Security Engineering at JustWorks. A man of many talents, Chris hails from a background in teaching and writing, which lends him a unique perspective on the importance of communication within the cybersecurity industry. We promise you; this isn’t your regular security conversation. We are tearing down the walls of complexity, transforming intricate risk language into digestible business matters.

 

The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.

 

As we navigate through the intricacies of building an application security program, we assure you, no stone will be left unturned. Learn how to control the narrative, comprehend your company’s current state and engage with your customers in a meaningful manner. This isn’t just another industry podcast; we’re here to show you how to demonstrate the program’s inherent value, approach investment strategically, and champion ROI as the lifeline of your security program. We’ve got a powerhouse of insights lined up, especially on program effectiveness, measured in terms of training developers to make security decisions.

Drawing the curtains on this episode, we shift gears to focus on the impact of developer training on security. We’ll help you identify training outcomes and integrate them into your development process. Our discourse deep-dives into the value of security in products, with special attention to user experience and security features as product differentiators. Remember, folks, curiosity is the key that unlocks the door to the security industry for new generations. So, join us, and let’s make security not just a necessity, but a narrative that everyone can understand and appreciate.

 

00:59 – Christian Ghigliotty’s Introduction: Francesco introduces Christian Ghigliotty, spotlighting his expertise in application security and transformation.

01:55 – Background in Cybersecurity: Christian shares his journey into cybersecurity, culminating in his current role at JustWorks, where he oversees application security and posture management.

02:22 – Entry into Cybersecurity: Christian’s unconventional path into cybersecurity highlights the diverse skill sets valuable in application security.

03:56 – Communication in Application Security: The importance of effective communication in application security, essential for explaining complex security concepts and gaining organizational buy-in.

04:55 – Overcoming Communication Challenges: Addressing the challenge of making technical application security topics accessible and understandable to non-technical stakeholders.

06:14 – Storytelling in Security: The critical role of narrative in application security to justify security measures, investments, and posture management strategies.

08:00 – Establishing an Application Security Program: Key considerations in starting an application security program, including understanding organizational needs and aligning with business strategies.

09:45 – Investment in Application Security: Long-term investment perspective in application security and posture management, emphasizing the need for measurable returns and strategic alignment with business goals.

11:22 – Measuring Program Effectiveness: The challenge of quantifying the effectiveness of application security programs and the role of developer training in enhancing security posture.

14:45 – Sponsor Message: Phoenix Security, focusing on software security and supply chain visibility.

15:27 – Developer Empowerment in Security: Strategies for empowering developers to prioritize application security in their work, highlighting the importance of business support for security initiatives.

17:00 – Building Development Team Relationships: The significance of fostering strong relationships with development teams to create a culture that values application security and good security posture.

19:24 – Tailoring Security to Teams: Customizing application security approaches to meet the unique challenges and needs of different development teams.

21:40 – Business Buy-In for Security: Exploring effective strategies to secure business buy-in for application security programs and discussing relevant metrics for measuring success.

23:05 – Product Metrics in Application Security: Using product metrics to evaluate the impact of security features on application security and posture management.

25:25 – Enhancing User Experience: Improving user experience in security measures to ensure better adherence to security protocols in application development.

27:17 – Security as a Differentiator: Discussing the potential of positioning application security as a unique selling point, enhancing customer trust and product value.

29:01 – Closing Remarks: Christian shares an optimistic outlook on the future of application security and encourages new talent to join the field.

30:14 – Contact Information: How to find more about Christian Ghigliotty’s work in application security.

 

Christian Ghigliotty

Linkedin: https://www.linkedin.com/in/ghigliottyc 

Github: https://github.com/ghigliottyc 

 

Cyber Security and Cloud Podcast hosted by Francesco Cipollone

Twitter @FrankSEC42

Linkedin: linkedin.com/in/fracipo 

#CSCP #cybermentoringmonday cybercloudpodcast.com 

 

Social Media Links 
Follow us on social media to get the latest episodes:
Website: http://www.cybercloudpodcast.com/
You can listen to this podcast on your favourite player:
Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ 
Linkedin: https://www.linkedin.com/company/35703565/admin/  


Twitter: https://twitter.com/podcast_cyber   


Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/ 

 

Podcast

Picture of Francesco Cipollone

Francesco Cipollone

Francesco is an internationally renowned public speaker, with multiple interviews in high-profile publications (eg. Forbes), and an author of numerous books and articles, who utilises his platform to evangelize the importance of Cloud security and cutting-edge technologies on a global scale.
26th November 2023

Francesco is an internationally renowned public speaker, with multiple interviews in high-profile publications (eg. Forbes), and an author of numerous books and articles, who utilises his platform to evangelize the importance of Cloud security and cutting-edge technologies on a global scale.

Follow us on social media to get the latest episodes:

Podcast Icon Spotify Youtube Linkedin-in Twitter

Discuss this podcast with our community on Slack

Join our AppSec Phoenix community on Slack to discuss this blog and other news with our professional security team

Join Slack community

More episodes

Join us as we dive into the future of Application Security (AppSec) and Vulnerability Management with James Berthoty. Discover insights on the evolution of AppSec, challenges in managing software vulnerabilities, and the role of Application Security Posture Management (ASPM) in today’s API-driven cloud environment. Listen now for expert analysis and practical solutions in cybersecurity.

  • 28th July 2024

CSCP S4EP19 – James Berthoty – What The heck is ASPM and the evolution of Product Security

Join us as we dive into the future of Application Security (AppSec) and Vulnerability Management with James Berthoty. Discover insights on the evolution of AppSec, challenges in managing software vulnerabilities, and the role of Application Security Posture Management (ASPM) in today’s API-driven cloud environment. Listen now for expert analysis and practical solutions in cybersecurity.
CSCP S4EP18 - Marius Poskus

  • 7th July 2024

CSCP S4EP18 – Marius Poskus – Who mention about non-technical CISO – ASPM and Running application security programs from a CISO perspective

Explore the evolving landscape of application security and ASPM with Marius Poskus, VP at Glow Financial Services. Discover insights on the adoption of open-source code and AI, cultural shifts for DevSecOps, and challenges in maintaining consistent security programs. Sponsored by Phoenix Security, leaders in vulnerability management. Listen now for strategic approaches to managing application security and prioritizing critical issues to align with business goals. #Cybersecurity #AppSec #ProductSecurity #ASPM
Join cybersecurity expert Adam Shostack on the Cybersecurity and Cloud Podcast as he discusses Application Security Posture Management (ASPM), threat modeling, and proactive strategies for enhancing software security. Learn about the impact of government regulations, CISA’s approaches to vulnerability management, and balancing security with profit. Don't miss these insights to stay ahead in the cybersecurity landscape.

  • 16th June 2024

CSCP S4EP17 – Adam Shostack – Threat modelling in past and future with Adam Shostack from vulnerability to ASPM and modern application security

Join cybersecurity expert Adam Shostack on the Cybersecurity and Cloud Podcast as he discusses Application Security Posture Management (ASPM), threat modeling, and proactive strategies for enhancing software security. Learn about the impact of government regulations, CISA’s approaches to vulnerability management, and balancing security with profit. Don’t miss these insights to stay ahead in the cybersecurity landscape.
CSCP-S4EP16

  • 26th May 2024

CSCP S4EP16 – Irene Michlin – Threat Modelling in the Age of AI

“Discover the crucial role of threat modeling in application security with insights from Irene Michlin, application security lead at Neo4j. Learn how integrating developer perspectives and leveraging AI can enhance your security practices. Join the conversation on the Cybersecurity and Cloud Podcast and explore actionable strategies for robust application security. #Cybersecurity #ThreatModeling #ApplicationSecurity #AI #DevSecOps”

  • 12th May 2024

CSCP S4EP15 – Akira Brand – Singing the Tune of Application Security with Akira Brand

Delve into Application Security Program Management (ASPM) with Akira Brand on the Cybersecurity and Cloud Podcast. Discover how her unique opera background enriches her approach to security, enhancing application safety in a cloud-driven world. Tune in for expert insights on evolving AppSec to product security, the critical role of threat modeling, and strategies for building a resilient security culture.
Generated by Feedzy
Derek

Derek Fisher

Linkedin

Head of product security at a global fintech

Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.

Derek is an award winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organizations risk.

Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.

Since then Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.

In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

Jeevan Singh

Jeevan Singh

Linkedin

Founder of Manicode Security

Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

James

James Berthoty

Linkedin

Founder of Latio Tech

James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.

christophe

Christophe Parisel

Linkedin

Senior Cloud Security Architect

Senior Cloud Security Architect

Chris

Chris Romeo

Linkedin

Co-Founder
Security Journey

Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.

jim

Jim Manico

Linkedin

Founder of Manicode Security

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.

Join our Mailing list!

Get all the latest news, exclusive deals, and feature updates.

The IKIGAI concept
x Powerful Protection for WordPress, from Shield Security
This Site Is Protected By
ShieldPRO