CSCP S4EP14 – Izar Tarandach – The Future of Threat Modeling and Product Security, with Izar Tarandach

CSCP S4EP14 - Izar Tarandach

CSCP S4EP14 – Izar Tarandach – The Future of Threat Modeling and Product Security, with Izar Tarandach

Phoenix Security
Phoenix Security
CSCP S4EP14 - Izar Tarandach - The Future of Threat Modeling and Product Security, with Izar Tarandach
Loading
/
CSCP S4EP14 - Izar Tarandach

CSCP S4EP14 – Izar Tarandach – The Future of Threat Modeling and Product Security, with Izar Tarandach

Phoenix Security
Phoenix Security
CSCP S4EP14 - Izar Tarandach - The Future of Threat Modeling and Product Security, with Izar Tarandach
Loading
/

Notes

Phoenix Security
Phoenix Security
CSCP S4EP14 - Izar Tarandach - The Future of Threat Modeling and Product Security, with Izar Tarandach
Loading
/

 

This episode features guest Izar Tarandach, a seasoned security architect with extensive experience in application security, cloud security, and the development of comprehensive security frameworks. Our discussion navigates through the latest trends in application security, the pivotal role of DevSecOps, and the strategic integration of security practices within modern business environments.

Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security – Request a Demo.

 

As our conversation progresses, we turn our focus to the critical issue of third-party risk in software development. Izar and I examine how high-profile cases have shone a light on the vulnerabilities in the software supply chain and the urgent need for developers to embrace secure coding practices. We discuss the shift toward a security-centric development culture and the importance of establishing business-driven security objectives and realistic service level agreements. Tune in to hear our insights on how the industry is moving beyond the quest for a silver bullet in security tools to a more robust approach that ingrains security into the core responsibilities of developers.

In our final chapter, Izar and I tackle the delicate balance between ethics, regulation, and business imperatives in cybersecurity. We delve into how regulations can drive security priorities, the risk of a false sense of security, and the vital role of threat modeling in the software development lifecycle. Our discussion highlights the need for a holistic approach that merges the foresight provided by threat modeling with adherence to regulations, fostering a security-conscious culture across all industries. Don’t miss this engaging episode where we dissect the evolution of threat modeling and its integral role in protecting our digital world.

What’s Inside This Episode:

00:02 – Introduction to Cybersecurity and Cloud Podcast: Francesco introduces the series and outlines what listeners can expect from this enlightening episode.
00:53 – Greetings and New Developments in Threat Modeling: Discover the latest advancements in threat modeling and their implications for cybersecurity.
01:35 – Introducing Izar Tarandach: Learn about Izar’s journey and his significant contributions to the field of security architecture.
02:09 – Recent Trends in Application Security: A detailed discussion on the transformation in application security spurred by innovations in cloud technology.
02:54 – Challenges Facing Today’s CISOs: Insight into the pressures and challenges CISOs face with rising security stakes.
03:30 – Reevaluating Security Protocols: We analyze how traditional security protocols are being reshaped in today’s tech landscape.
04:49 – The Role of DevSecOps: Understanding the integration of security into DevOps practices and its impact on software development.
05:47 – Concept of “Shift Everywhere”: Izar critiques the broad application of the “shift everywhere” concept within security strategies.
06:56 – The Evolution of Security Integration: Discussion on how security is becoming embedded in all phases of product development.
08:13 – The Dilemma of Security Buzzwords: Evaluating how new security terminologies affect industry focus and policy development.
09:28 – The Realistic View of Security Practice: A candid look at the progression from idealistic to pragmatic approaches in security practices.
11:25 – Addressing Third-Party Risks: Examination of third-party risks and their impact on the software supply chain.
13:28 – Third-Party Risk Management: A Case Study: Insights from high-profile cases highlighting the importance of managing third-party vulnerabilities.
15:23 – Integrating Security into Business Objectives: How organizations are embedding security objectives into business strategies.
16:47 – Seeking Solutions in Security: A shift from seeking singular security solutions to adopting comprehensive, integrated approaches.
18:18 – Advocating for Risk-Based Approaches: The importance of adopting risk-based strategies over traditional security measures.
19:44 – Educating Developers on Security Importance: The critical role of educating developers on security as a fundamental aspect of software development.

Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security – Request a Demo.

Don’t Miss This Engaging Discussion on Cybersecurity Trends and Strategies: Tune into this enlightening episode to equip yourself with the knowledge and insights needed to navigate the ever-changing landscape of cybersecurity. Whether you’re a professional in the field, a business leader, or just keen on enhancing your cybersecurity awareness, this episode is packed with valuable information to help you understand the nuances of securing applications and infrastructures in a digitally-driven world.

Izar Tarandach

Linkedin: https://www.linkedin.com/in/izartarandach/ 
Twitter: https://twitter.com/izar_t?lang=en-GB 
Books: https://www.oreilly.com/pub/au/7898 
Github: https://github.com/izar 
Threat Modelling Con: https://www.threatmodelingconnect.com/general-discussion-32/i-m-izar-tarandach-and-if-you-have-questions-i-may-have-answers-148 
Speaker profile: https://conferences.oreilly.com/software-architecture/sa-ny-2019/public/schedule/speaker/324717.html 

 

Cyber Security and Cloud Podcast hosted by Francesco Cipollone

Twitter @FrankSEC42
Linkedin: linkedin.com/in/fracipo 
#CSCP #cybermentoringmonday cybercloudpodcast.com 

 

Social Media Links 
Follow us on social media to get the latest episodes:
Website: http://www.cybercloudpodcast.com/
Linkedin: https://www.linkedin.com/company/35703565/admin/  

Twitter: https://twitter.com/podcast_cyber   

Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/ 
You can listen to this podcast on your favourite player:
Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  

Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ 

 

#Cybersecurity, #appsec #productsecurity #prodsec  #aspm

Podcast

Francesco is an internationally renowned public speaker, with multiple interviews in high-profile publications (eg. Forbes), and an author of numerous books and articles, who utilises his platform to evangelize the importance of Cloud security and cutting-edge technologies on a global scale.

Follow us on social media to get the latest episodes:

Discuss this podcast with our community on Slack

Join our AppSec Phoenix community on Slack to discuss this blog and other news with our professional security team

More episodes

Join us as we dive into the future of Application Security (AppSec) and Vulnerability Management with James Berthoty. Discover insights on the evolution of AppSec, challenges in managing software vulnerabilities, and the role of Application Security Posture Management (ASPM) in today’s API-driven cloud environment. Listen now for expert analysis and practical solutions in cybersecurity.
Explore the evolving landscape of application security and ASPM with Marius Poskus, VP at Glow Financial Services. Discover insights on the adoption of open-source code and AI, cultural shifts for DevSecOps, and challenges in maintaining consistent security programs. Sponsored by Phoenix Security, leaders in vulnerability management. Listen now for strategic approaches to managing application security and prioritizing critical issues to align with business goals. #Cybersecurity #AppSec #ProductSecurity #ASPM
Join cybersecurity expert Adam Shostack on the Cybersecurity and Cloud Podcast as he discusses Application Security Posture Management (ASPM), threat modeling, and proactive strategies for enhancing software security. Learn about the impact of government regulations, CISA’s approaches to vulnerability management, and balancing security with profit. Don’t miss these insights to stay ahead in the cybersecurity landscape.
“Discover the crucial role of threat modeling in application security with insights from Irene Michlin, application security lead at Neo4j. Learn how integrating developer perspectives and leveraging AI can enhance your security practices. Join the conversation on the Cybersecurity and Cloud Podcast and explore actionable strategies for robust application security. #Cybersecurity #ThreatModeling #ApplicationSecurity #AI #DevSecOps”
Delve into Application Security Program Management (ASPM) with Akira Brand on the Cybersecurity and Cloud Podcast. Discover how her unique opera background enriches her approach to security, enhancing application safety in a cloud-driven world. Tune in for expert insights on evolving AppSec to product security, the critical role of threat modeling, and strategies for building a resilient security culture.
Generated by Feedzy
Derek

Derek Fisher

Head of product security at a global fintech

Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.

Derek is an award winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organizations risk.

Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.

Since then Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.

In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

Jeevan Singh

Jeevan Singh

Founder of Manicode Security

Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

James

James Berthoty

Founder of Latio Tech

James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.

christophe

Christophe Parisel

Senior Cloud Security Architect

Senior Cloud Security Architect

Chris

Chris Romeo

Co-Founder
Security Journey

Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.

jim

Jim Manico

Founder of Manicode Security

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.

Join our Mailing list!

Get all the latest news, exclusive deals, and feature updates.

The IKIGAI concept
x  Powerful Protection for WordPress, from Shield Security
This Site Is Protected By
ShieldPRO