Will AI replace the role of product security? How do you start an application security program and write a book about it? One of the best application security minds, Derek Fisher, is with us today.


 


Join us on a captivating journey as Derek, a mastermind in product security and a prolific author, shares his expertise on setting up a fortified application security program. We start by unraveling the critical first steps, emphasizing the value of understanding your organization's current cybersecurity landscape and the unique risks it faces. Listen in as we discuss the significance of collaboration between security and engineering teams to pinpoint vulnerabilities and fortify our digital defenses.


The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. Act now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.


In our thought-provoking conversation, we tackle the concept of product ownership and the dynamic nature of risk assessment. Derek enlightens us on the challenges of aligning business acumen with technological realities in the context of application security. We also engage in a spirited debate about the various forms of code analysis and the significance of exploitability in the management of risk. It's a discussion that balances the technical intricacies with strategic insights, essential for anyone invested in securing their products.

Shifting gears, we explore the innovative realm of 'shifting smart' in application security, moving beyond the traditional 'shift left' paradigm. Discover the benefits and limitations of integrating security tools early in the development cycle and the vital role dynamic environments play in unearthing actionable vulnerabilities.

Wrapping up, we delve into the exciting and complex intersection of AI and cybersecurity, pondering the dual-edged sword of advanced technologies like generative AI. Derek offers a nuanced perspective on the future of secure coding and vulnerability management, a must-listen for anyone navigating the evolving cybersecurity landscape.

 

Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.


00:02: Introduction to Cybersecurity and Cloud Podcast
00:55: The Essence of Application Security Programs
02:19: Journey to Authoring on Application Security
02:38: Building a Robust Application Security Program
03:36: Application Security: A Collaborative Effort
04:22: Assessment and Direction in Application Security Programs
06:52: The Role of Software Bill of Materials (SBOM) in Cybersecurity
09:32: Defining a Product in the Context of Application Security
13:23: Enhancing Software Security Supply Chain Visibility
15:35: Understanding Product Risks and Vulnerability Management
18:31: Evolving Application Security Techniques: SAST, DAST, RASP
27:32: AI's Role in Application Security and Beyond
25:07: Encouraging Secure Online Practices Among Young Users
30:33: The Future of AI in Cybersecurity
32:33: Closing Thoughts and Positive Outlook for Cybersecurity Professionals

 


Derek Fisher


LinkedIn: https://www.linkedin.com/in/derek-fisher-sec-arch/

Application Security Program Handbook: A Guide for Software Engineers and Team Leaders: https://www.amazon.co.uk/Application-Security-Program-Handbook-Engineers/dp/163343981X

 


Cyber Security and Cloud Podcast hosted by Francesco Cipollone
Twitter @FrankSEC42
LinkedIn: linkedin.com/in/fracipo
#CSCP #cybermentoringmonday cybercloudpodcast.com 

 


Social Media Links 
Follow us on social media to get the latest episodes:
Website: http://www.cybercloudpodcast.com/
LinkedIn: https://www.linkedin.com/company/35703565/admin/

Twitter: https://twitter.com/podcast_cyber   

YouTube: https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/
You can listen to this podcast on your favourite player:
iTunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463

Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ 

 


#Cybersecurity, #appsec #productsecurity #prodsec  
