Get ready to embark on a captivating journey into the world of application security with our guest, Chris Ghigliotty, Director of Security Engineering at JustWorks. A man of many talents, Chris hails from a background in teaching and writing, which lends him a unique perspective on the importance of communication within the cybersecurity industry. We promise you; this isn’t your regular security conversation. We are tearing down the walls of complexity, transforming intricate risk language into digestible business matters.
The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.
As we navigate through the intricacies of building an application security program, we assure you, no stone will be left unturned. Learn how to control the narrative, comprehend your company’s current state and engage with your customers in a meaningful manner. This isn’t just another industry podcast; we’re here to show you how to demonstrate the program’s inherent value, approach investment strategically, and champion ROI as the lifeline of your security program. We’ve got a powerhouse of insights lined up, especially on program effectiveness, measured in terms of training developers to make security decisions.
Drawing the curtains on this episode, we shift gears to focus on the impact of developer training on security. We’ll help you identify training outcomes and integrate them into your development process. Our discourse deep-dives into the value of security in products, with special attention to user experience and security features as product differentiators. Remember, folks, curiosity is the key that unlocks the door to the security industry for new generations. So, join us, and let’s make security not just a necessity, but a narrative that everyone can understand and appreciate.
00:59 – Christian Ghigliotty’s Introduction: Francesco introduces Christian Ghigliotty, spotlighting his expertise in application security and transformation.
01:55 – Background in Cybersecurity: Christian shares his journey into cybersecurity, culminating in his current role at JustWorks, where he oversees application security and posture management.
02:22 – Entry into Cybersecurity: Christian’s unconventional path into cybersecurity highlights the diverse skill sets valuable in application security.
03:56 – Communication in Application Security: The importance of effective communication in application security, essential for explaining complex security concepts and gaining organizational buy-in.
04:55 – Overcoming Communication Challenges: Addressing the challenge of making technical application security topics accessible and understandable to non-technical stakeholders.
06:14 – Storytelling in Security: The critical role of narrative in application security to justify security measures, investments, and posture management strategies.
08:00 – Establishing an Application Security Program: Key considerations in starting an application security program, including understanding organizational needs and aligning with business strategies.
09:45 – Investment in Application Security: Long-term investment perspective in application security and posture management, emphasizing the need for measurable returns and strategic alignment with business goals.
11:22 – Measuring Program Effectiveness: The challenge of quantifying the effectiveness of application security programs and the role of developer training in enhancing security posture.
14:45 – Sponsor Message: Phoenix Security, focusing on software security and supply chain visibility.
15:27 – Developer Empowerment in Security: Strategies for empowering developers to prioritize application security in their work, highlighting the importance of business support for security initiatives.
17:00 – Building Development Team Relationships: The significance of fostering strong relationships with development teams to create a culture that values application security and good security posture.
19:24 – Tailoring Security to Teams: Customizing application security approaches to meet the unique challenges and needs of different development teams.
21:40 – Business Buy-In for Security: Exploring effective strategies to secure business buy-in for application security programs and discussing relevant metrics for measuring success.
23:05 – Product Metrics in Application Security: Using product metrics to evaluate the impact of security features on application security and posture management.
25:25 – Enhancing User Experience: Improving user experience in security measures to ensure better adherence to security protocols in application development.
27:17 – Security as a Differentiator: Discussing the potential of positioning application security as a unique selling point, enhancing customer trust and product value.
29:01 – Closing Remarks: Christian shares an optimistic outlook on the future of application security and encourages new talent to join the field.
30:14 – Contact Information: How to find more about Christian Ghigliotty’s work in application security.
Cyber Security and Cloud Podcast hosted by Francesco Cipollone
#CSCP #cybermentoringmonday cybercloudpodcast.com
Social Media Links
Follow us on social media to get the latest episodes:
You can listen to this podcast on your favourite player:
Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ