
Inside AppSec

60 episodes - English - Latest episode: over 2 years ago

Contrast Security provides the industry’s only DevOps-Native AppSec Platform, using instrumentation to continuously analyze and protect software from within the application. This lets businesses see more of the risk in their software with fewer development delays and less AppSec complexity. The Contrast platform integrates seamlessly into development pipelines, making security bugs and vulnerabilities easier to fix and significantly speeding release cycles. The Contrast Inside AppSec Podcast features informative, engaging interviews with security, development, and business leaders on application security trends and innovation. Visit Contrast Security at contrastsecurity.com.

Tags: Technology, appsec, devops, devsecops, application development, software security, application security, cybersecurity

Episodes

CISA Order: Mandatory Remediation

December 06, 2021 12:00 - 28 minutes - 15.1 MB

CISA recently issued Binding Operational Directive 22-01 on remediating known exploited vulnerabilities. The directive requires federal agencies to remediate vulnerabilities that are being actively exploited, on a fixed timeline, or potentially lose their authority to operate. We talk with former government servicemembers and employees to hear what this means for federal groups.
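The practical work the directive creates is a recurring cross-check of your asset inventory against the catalog of known exploited vulnerabilities, ordered by due date. The script below is an added example, not Contrast Security's or CISA's code. The catalog entries and the inventory are constructed sample data with placeholder CVE IDs (the CVE-1900-* IDs are not real vulnerabilities); only the field names cveID, vendorProject, product, dateAdded, dueDate and requiredAction follow the public CISA KEV JSON feed, and the triage logic is this example's own design.

```python
"""Cross-check an asset inventory against a KEV-style catalog and list
what would have to be remediated, overdue items first.

Added example, not Contrast Security's or CISA's code. All data below is
constructed: the CVE IDs are placeholders, not real vulnerabilities.
"""
import json
from datetime import date

# Constructed KEV-style catalog (field names follow the public feed).
SAMPLE_KEV_JSON = json.dumps({
    "title": "constructed sample catalog",
    "vulnerabilities": [
        {"cveID": "CVE-1900-0001", "vendorProject": "ExampleVendor",
         "product": "ExampleServer", "dateAdded": "2021-11-03",
         "dueDate": "2021-11-17",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-1900-0002", "vendorProject": "ExampleVendor",
         "product": "ExampleServer", "dateAdded": "2021-11-03",
         "dueDate": "2022-05-03",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-1900-0003", "vendorProject": "OtherVendor",
         "product": "OtherAgent", "dateAdded": "2021-11-10",
         "dueDate": "2021-11-24",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed inventory: each asset lists the CVEs a scanner reported on it.
# CVE-1900-9999 is a finding that is not on the catalog and so stays out of scope.
SAMPLE_INVENTORY = [
    {"asset": "web-01", "cves": ["CVE-1900-0001", "CVE-1900-9999"]},
    {"asset": "web-02", "cves": ["CVE-1900-0002"]},
    {"asset": "db-01", "cves": ["CVE-1900-9999"]},
]


def load_kev(kev_json: str) -> dict:
    """Index a KEV-format catalog by CVE ID."""
    catalog = json.loads(kev_json)
    return {v["cveID"]: v for v in catalog["vulnerabilities"]}


def triage(inventory: list, kev: dict, today: date) -> list:
    """One finding per (asset, CVE) pair that appears in the catalog.

    Each finding carries the catalog due date and whether it has passed;
    the result is sorted overdue-first, then by nearest due date.
    """
    findings = []
    for host in inventory:
        for cve in host["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue  # not cataloged: not in scope for the directive
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "asset": host["asset"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": due.isoformat(),
                "days_left": (due - today).days,
                "overdue": due < today,
                "action": entry["requiredAction"],
            })
    findings.sort(key=lambda f: (not f["overdue"], f["due"]))
    return findings


def run_sample(today_iso: str = "2021-12-06") -> list:
    """Run the triage over the constructed data for a given report date."""
    return triage(SAMPLE_INVENTORY, load_kev(SAMPLE_KEV_JSON),
                  date.fromisoformat(today_iso))


if __name__ == "__main__":
    for f in run_sample():
        state = "OVERDUE" if f["overdue"] else f"due in {f['days_left']}d"
        print(f'{f["asset"]:8} {f["cve"]:15} {f["product"]:28} {state:12} {f["action"]}')
```

The check deliberately keys on the catalog's own due dates rather than on CVSS scores: the directive's scope is "is it on the list and when is it due", and a high-severity CVE that is not cataloged does not change an agency's deadline.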

New Serverless Application Security Solution Is a Transformative Breakthrough

October 19, 2021 04:00 - 31 minutes - 21.5 MB

Forrester predicts that 25% of developers will be using serverless technologies by the end of next year. Serverless applications bring real benefits: faster release cycles, lower infrastructure costs, and improved efficiency. Yet organizations are running into application security roadblocks, because legacy application security tools cannot scale or keep the pace demanded by serverless applications. In response, Contrast just released Contrast Serverless Applicat...

Key Takeaways From a New Serverless Application Security Report

October 19, 2021 03:00 - 35 minutes - 24.3 MB

Software development is a core component of digital transformation, and the use of serverless technologies is helping to accelerate release cycles to new heights. A panel of serverless application security experts discuss key findings and insights from a new survey report on serverless application security in this Inside AppSec Podcast. The moderated discussion touches on topics such as the current and future outlook of serverless applications, the top application security challenges organiz...

Contrast Labs Sets a High Bar and Plays a Critical Role in Protecting Contrast Customers

October 13, 2021 18:00 - 42 minutes - 29.3 MB

Contrast Labs was a fledgling organization just a few years ago when Contrast’s CISO David Lindner took on the mantle of leadership. Today, Contrast Labs is a pivotal linchpin—threat modeling to protect Contrast’s network, applications, users, and data from malicious attacks, providing engineering with product ideas, overseeing product bug bounty programs, and competing in capture-the-flag (CTF) events. In addition to discussing each of these topics, Lindner explains how his team has partner...

Why More Isn't Better When It Comes to AppSec and Why Less Is Better

September 28, 2021 15:00 - 35 minutes - 24.6 MB

Cybersecurity tends to assume that the more results you can generate, the better your security model. The assumption is widespread in application security, where more alerts are taken to signal a better security posture. But this isn't necessarily true. In this Inside AppSec Podcast interview, Contrast's Chief Scientist and Co-founder Arshan Dabirsiaghi and Head of Product Marketing Mahesh Babu discuss why this belief is so firmly entrenched in the applicati...

Behind-the-Scenes Perspectives on the Compilation, Analysis, and Publication of the 2021 OWASP Top Ten

September 24, 2021 10:00 - 52 minutes - 36.3 MB

The 2021 OWASP Top Ten was a huge research and analytical undertaking involving over 500,000 applications and 200 CWEs. The amount of data analyzed was upwards of 4x greater than what was used for the 2017 OWASP Top Ten release. OWASP Top Ten Co-Lead and Union University Professor Brian Glas discusses how the data was compiled and analyzed and how the OWASP Top Ten categories were reevaluated. This in-depth Inside AppSec Podcast interview also examines the rationales behind each of the 10 ca...

Key Takeaways and AppSec Recommendations From the 2021 OWASP Top Ten

September 24, 2021 09:00 - 50 minutes - 35 MB

The 2021 OWASP Top Ten contains some significant changes, including several additions. Understanding what changed and why they changed is important for application security professionals. This Inside AppSec Podcast features Contrast Security's CTO and Co-founder Jeff Williams and CISO David Lindner who explore the changes and additions to the Top Ten and how organizations should use the Top Ten to manage their application risks. 

Serious Vulnerabilities Per Application Jump in Latest Bimonthly AppSec Intelligence Report

August 13, 2021 00:00 - 26 minutes - 17.9 MB

The number of vulnerabilities per application in the May-June Bimonthly Application Security Intelligence Report from Contrast Labs remained flat, but the number of serious vulnerabilities jumped. This Inside AppSec Podcast conversation discusses which vulnerability types saw the biggest increases and which are the most concerning. The podcast also covers the latest insights into the Contrast RiskScore and findings on attacks, and explores trends per language during May and June.

Key Insights on Security Debt and Vulnerability Escape Rate Trends (New Report) - Part 1

August 04, 2021 10:00 - 30 minutes - 21.1 MB

The more application security debt an organization carries, the greater its risk and operational inefficiency. Contrast Security's CTO and Co-founder Jeff Williams and CISO David Lindner reflect on security debt findings in Contrast's 2021 Application Security Observability Report in this Inside AppSec podcast, the first show in a series of three on the report. Areas of discussion include observations on median time to remediate for resolved vulnerabilities and the ...

Key Insights on Application Vulnerabilities and Attacks (New Report) – Part 2

August 04, 2021 10:00 - 29 minutes - 20.5 MB

The percentage of applications with serious vulnerabilities increased significantly over the past year, but prevalence varied by vulnerability type. Knowing which types are most prevalent and most likely to have an impact lets security and development teams prioritize vulnerability remediation. As developers experience what the two guests (Contrast Security's CTO and Co-founder Jeff Williams and CISO David Lindner) in this Inside AppSec podcast describe...

Key Insights on Application Makeup: Custom and Open-source Code (New Report) – Part 3

August 04, 2021 10:00 - 26 minutes - 18 MB

If anything, the recent software supply chain attacks demonstrate the interconnectivity of modern software and the exponential risk one successful exploit poses to thousands of organizations worldwide. Contrast Security's annual 2021 Application Security Observability Report finds that custom code comprises a substantial percentage of active application code. A large percentage of open-source libraries are inactive, and moreover a majority of classes in active libraries are never invoked. Co...

Java Applications Under Attack Barrage in Latest Contrast Labs Bimonthly AppSec Intel Report

June 23, 2021 23:00 - 21 minutes - 15 MB

The March–April 2021 Bimonthly AppSec Intelligence Report from Contrast Labs pegs the overall RiskScore Index at 5.06, the lowest since July 2020. This should be good news, especially with the percentage of applications with a serious vulnerability decreasing in this bimonthly time frame. However, the number of applications with serious vulnerabilities remained higher than any month since November. Further, the percentage of applications impacted by specific attack types increased 9% and att...

CVE-2020-17091: Remote Code Execution Vulnerability in Microsoft Teams Found by Contrast Labs

June 15, 2021 14:00 - 29 minutes - 20.6 MB

Contrast Labs’ Director of Security Research Matt Austin discovered a Remote Code Execution (RCE) vulnerability in Microsoft Teams that could have exposed the Microsoft Teams software supply chain to a malicious exploit that could have impacted millions of users and thousands of businesses. Listen to this podcast interview with Matt to find out how he found the vulnerability and worked with Microsoft to confirm it. Matt also discusses how the Contrast Application Security Platform enables or...

Contrast DevSecOps Platform Now Includes Pipeline-native Static Analysis

June 10, 2021 12:00 - 26 minutes - 18.5 MB

Incumbent legacy static analysis approaches employ large rule sets to look for code quality issues that require lengthy scan processes and generate large piles of findings—many of which are false positives. Contrast Security's Chief Strategy Officer Surag Patel and Sr. Product Marketing Director Mahesh Babu discuss the addition of Contrast Scan to the Contrast Application Security Platform in this Inside AppSec Podcast. Using a breakthrough pipeline-native static analysis approach that uses ...

Digital Transformation in Financial Services Accelerates, Application Security Struggles to Keep Up

May 26, 2021 13:00 - 27 minutes - 18.8 MB

Contrast Security’s 2021 State of Application Security in Financial Services Report canvasses a number of topics related to application security in financial services such as how the rapid adoption of DevOps/Agile in financial services is outpacing application security, how application security is inefficient and often slows down release cycles, the amount of time security and development teams spend managing application security, and the risks financial services organizations are facing fro...

Navigating Open-source Security Obstacles and Mapping Out Solution Requirements (Part 2)

May 19, 2021 20:00 - 20 minutes - 14.4 MB

The recent Contrast Security 2021 Open-source Security Report reveals real-world (and previously undiscovered) aspects about open-source library usage and the risks associated with it. Legacy approaches to open-source security generate alert noise, struggle to track software licensing risks, and poorly integrate with existing CI/CD processes and development tools. Contrast OSS offers a comprehensive DevSecOps model that solves these challenges. In this Inside AppSec Podcast, Contrast open-so...

Open-source Library Risks Expose the Software Supply Chain (Part 1)

May 19, 2021 19:00 - 28 minutes - 19.7 MB

Use of open-source frameworks and libraries offers organizations added scale—the ability to achieve the speed and efficiency demanded by the modern software development life cycle (SDLC). Yet, there are various differences in open-source libraries in terms of vulnerabilities and licensing, and open source can expose applications to significant risk if the right application security approach is not taken. Listen to this Inside AppSec Podcast with Contrast Security subject-matter experts Joe C...

Software Supply Chain Is a Priority in the Latest Contrast Security Bimonthly AppSec Intel Report

May 07, 2021 18:00 - 22 minutes - 15.7 MB

2021 is the year of the software supply chain when it comes to cyber risks. Thousands of organizations have been repeatedly hit from multiple points across the software factory attack surface. The January-February 2021 Contrast Labs Bimonthly AppSec Intelligence Report contains trend data reflecting these concerns. In this Inside AppSec podcast, Contrast Security's CISO David Lindner and Sr. Data Analyst and Data Scientist Katharine Watson discuss highlights and key takeaways in the report. ...

Modern Application Security Now Available for Golang Applications

May 06, 2021 13:00 - 12 minutes - 8.88 MB

Go is an open-source programming language that makes it easy to build simple, reliable, and efficient software across various operating systems. But until now, developers and application security specialists were stuck using legacy application security methods that generated high volumes of false positives and struggled to secure application programming interfaces (APIs)—which are often written in Go. In this Inside AppSec podcast, several members of the Contrast product and engineering team...

Right and Wrong DevSecOps Metrics: Measuring What Counts

April 28, 2021 20:00 - 24 minutes - 17.1 MB

The metrics many organizations use today to measure the success of their application security programs fail to capture the risks that matter to the business and incentivize the wrong outcomes. A comprehensive DevSecOps approach uses metrics that reflect actual risk, such as vulnerabilities remediated, mean time to remediate, and blocked attacks that could have exploited a vulnerability. In this Inside AppSec podcast interview, Contrast Security’s Sr. Director of Product Mar...

Recommendations for Protecting Applications in Production From Known and Unknown Attacks

April 22, 2021 22:00 - 31 minutes - 21.4 MB

Traditional perimeter-defense solutions sit outside applications in production and lack the application context needed to identify attacks precisely. The resulting "guessing game" produces high numbers of alerts. Contrast Security's Vikas Phonsa and Blake Connell are experts in application runtime protection in production. In this Inside AppSec podcast, they discuss how perimeter-defense approaches are ineffective at blocking many types of threats and are highl...

Breaking Down Findings & Insights From Contrast Security's 2021 State of Open-source Security Report

April 08, 2021 13:00 - 35 minutes - 24.4 MB

Much attention has been given to the software supply chain over the past several months due to the SolarWinds hack. Open-source libraries are a critical part of the software supply chain, and they can pose serious risk if they are not monitored and managed appropriately. Legacy software composition analysis tools treat every third-party vulnerability as equally important. But in reality, most third-party code is never invoked by the application in which it resides and so poses no risk. A g...

Application Security Findings and Insights From Kenna Security's Latest Research Report

March 09, 2021 22:00 - 33 minutes - 22.8 MB

Kenna Security explores detailed data trends for vulnerabilities in the wild, including those found in applications, in its Prioritization to Prediction research series. The company's research includes attack data that is overlaid on top of the vulnerability datasets to determine risk. This Inside AppSec Podcast interview with Kenna Security CTO and Co-founder Ed Bellis explores application security findings and insights from the Prioritization to Prediction Volume 6 report. 

Contrast Labs Researcher Finds Dependency Confusion Vulnerability in Microsoft Teams

March 03, 2021 16:00 - 16 minutes - 11.2 MB

The list of organizations with applications that contain the recently discovered dependency confusion vulnerability continues to grow. Contrast Labs added another one to the list when it identified the vulnerability in an open-source library used by Microsoft Teams. In this Inside AppSec Podcast, Contrast Security's Director of Security Research Matt Austin discusses how he found the vulnerability and what potential risks it posed.

New Open-source Dependency Confusion Vulnerability Threatens Software Supply Chain

February 23, 2021 15:00 - 20 minutes - 14.4 MB

A newly discovered dependency confusion vulnerability has been found in 35 enterprises, and counting, and threatens the software supply chain. Bad actors can inject malicious code without any victim action: when a build pulls a package by an internal name and the package manager also consults a public registry, a same-named public package carrying a higher version number is fetched in its place. In this Inside AppSec Podcast, Contrast Security's Director of Security Research Matt Austin discusses why dependency confusion poses a serious threat and how organizations can detect and remediate the vulnerability before bad actors exploit it.
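The mechanism is easiest to see with the installer's resolution rule written out. The block below is an added example and not code from Contrast Security or from the research it discusses. The two registries are constructed in-memory stand-ins (the package names acme-auth, acme-billing and the mirrored requests entry are made up); the only real-world behaviour it models is that an installer given several indexes of equal standing, as pip does with --extra-index-url, collects candidates from all of them and takes the highest version.

```python
"""Model of dependency confusion: a merged-index resolver beside a
private-only resolver, plus an audit of internal names for exposure.

Added example, not from Contrast Security or the original research.
Both registries are constructed; the package names are invented.
"""
from typing import Dict, List, Optional, Tuple

Index = Dict[str, Dict[str, str]]  # name -> {version: origin}


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric version to a comparable tuple ("1.4.0" -> (1, 4, 0))."""
    return tuple(int(p) for p in v.split("."))


# Constructed: what the company's private index serves.
PRIVATE_INDEX: Index = {
    "acme-auth": {"1.4.0": "private"},
    "acme-billing": {"0.9.2": "private"},
    "requests": {"2.25.1": "private"},  # mirrored copy of a real public package
}

# Constructed: what the public registry serves. "acme-auth" is an attacker's
# upload with an inflated version; nobody has registered "acme-billing".
PUBLIC_INDEX: Index = {
    "acme-auth": {"99.0.0": "public"},
    "requests": {"2.25.1": "public", "2.26.0": "public"},
}


def resolve_merged(name: str, indexes: List[Index]) -> Optional[Tuple[str, str]]:
    """Vulnerable model: every index is consulted with equal standing and the
    highest version wins, no matter which index served it (pip with
    --extra-index-url behaves this way)."""
    candidates = []
    for idx in indexes:
        for ver, origin in idx.get(name, {}).items():
            candidates.append((parse_version(ver), ver, origin))
    if not candidates:
        return None
    _, ver, origin = max(candidates)
    return ver, origin


def resolve_private_only(name: str, private: Index) -> Optional[Tuple[str, str]]:
    """Hardened model: only the private index is consulted (pip --index-url
    pointing at it and no --extra-index-url), so a public package of the
    same name is never a candidate."""
    versions = private.get(name)
    if not versions:
        return None
    ver = max(versions, key=parse_version)
    return ver, versions[ver]


def audit(internal_names: List[str], private: Index, public: Index) -> Dict[str, str]:
    """For each internal package name, report the exposure under the
    merged-index model:
      public_wins  - a public package of that name outranks the private one
      unclaimed    - no public package yet; reserve the name before someone does
      private_wins - the private version currently outranks the public one
    """
    report = {}
    for name in internal_names:
        if name not in public:
            report[name] = "unclaimed"
            continue
        resolved = resolve_merged(name, [private, public])
        report[name] = "public_wins" if resolved and resolved[1] == "public" else "private_wins"
    return report


if __name__ == "__main__":
    for pkg in ("acme-auth", "acme-billing", "requests"):
        print(pkg, "merged ->", resolve_merged(pkg, [PRIVATE_INDEX, PUBLIC_INDEX]),
              "| private-only ->", resolve_private_only(pkg, PRIVATE_INDEX))
    print(audit(["acme-auth", "acme-billing"], PRIVATE_INDEX, PUBLIC_INDEX))
```

Running it shows acme-auth resolving to the attacker's 99.0.0 under the merged model and to 1.4.0 under the private-only model, while the audit flags acme-billing as a name still worth registering publicly. The private-only path only helps if the private index itself proxies upstream with explicit per-name rules; otherwise it simply moves the merge one hop away.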

Vulnerabilities Continue To Plague .NET Applications, Injection Attacks Ratchet Up in Concern

February 10, 2021 16:00 - 25 minutes - 17.3 MB

The latest Bimonthly Application Security Intelligence Report from Contrast Security shows a continued rise in vulnerabilities in .NET applications and a sharp increase in SQL and command injection attacks in late 2020. The percentage of applications with serious vulnerabilities also rose, which should give cause for concern. In this Inside AppSec Podcast, Contrast Security's CISO David Lindner and Sr. Data Analyst and Data Scientist Katharine Watson discuss these and other findings from the...

Building a Risk-Scoring Model for Applications: Initial Algorithm and the Underlying Data Elements

February 02, 2021 16:00 - 24 minutes - 16.9 MB

Most risk-scoring models for applications are too simplistic, lacking the breadth of data points needed to provide an accurate risk index. A few open-source projects attempt to build application risk models sophisticated enough to account for all of the data and associated nuances needed to pinpoint a risk score that is accurate and meaningful. The problem is that they are too complex to implement easily and manage on an ongoing basis. In response, Contrast Security recently release...

Kaizen Gaming Embraces Application Security Instrumentation, Sees Tangible Returns

January 04, 2021 16:00 - 12 minutes - 8.5 MB

With headquarters in Greece and 750-plus employees, Kaizen Gaming delivers casino and sports games that tally more than 200 million annual customer transactions. In this Inside AppSec Podcast, Kaizen Gaming's Technical Security Manager Aggelos Karonis discusses why he and his team turned to application security using instrumentation based on Contrast Security. The podcast interview touches on some of the business outcomes as well as key lessons learned. 

Reexamining Application Security Following the SolarWinds Hack

December 23, 2020 14:00 - 24 minutes - 16.7 MB

The SolarWinds cyberattack has been dubbed the “hack of the decade” with over 18,000 SolarWinds customers affected. It accentuates the critical importance of software security—from technology to processes. In this Inside AppSec Podcast, Contrast Security’s CTO and Co-Founder Jeff Williams discusses emerging details around the hack and implications for application security.

State of DevSecOps Report: 95% of Organizations Experienced a Successful Application Exploitation

December 15, 2020 16:00 - 28 minutes - 19.3 MB

This Inside AppSec podcast interview with Contrast Security's CTO and Co-Founder Jeff Williams examines key findings in Contrast's 2020 State of DevSecOps Report. With 95% of organizations reporting at least one successful application exploit in the past year, development, operations, and security professionals need to take heed and ensure they have the right security measures in place. In addition to application risk, the interview touches on a number of other topics, including the deleteri...

Serious Vulnerabilities Increase, .NET Applications Targeted by 4 of 5 Top Attack Types

December 15, 2020 15:00 - 20 minutes - 14.3 MB

In this Inside AppSec podcast, Contrast Security's CISO David Lindner and Data Scientist Katharine Watson discuss findings from the September–October 2020 Application Security Intelligence Report from Contrast Labs. Serious vulnerabilities and attacks are on the rise and .NET applications are an increasing focus area for cyber criminals, with four of the top five attack types increasing in prevalence for .NET applications by 20% or more.

What It Takes To Get a 4.8/5.0 Score for Gartner Peer Insights Customers' Choice

October 14, 2020 13:00 - 27 minutes - 18.8 MB

The Gartner Peer Insights Customers' Choice for Application Security Testing (AST) recognizes AST vendors based on their customer reviews. Contrast scored the highest in the AST category with a 4.8/5.0. In this Inside AppSec podcast, Contrast's VP of Customer Success Scott Chaykin and Head of Customer Marketing Jaweed Metz discuss what Contrast does to ensure customers have great experiences and support using its technology.

Department of Defense Officer Builds a Successful InfoSec Career, Including Transition to the Private Sector

October 13, 2020 15:00 - 28 minutes - 19.3 MB

The transition from the public to private sector can be difficult for some. This wasn't the case for Jimmy Xu, who serves as the director of Cloud Security and DevSecOps at technology integrator and consultancy Trace3. In this Inside AppSec podcast, Jimmy discusses how he became interested in InfoSec and how he built a successful career in the DoD that set the stage for a transition into the private sector. He also provides insights into key cloud and application security trends and what sec...

Developers and Application Security Practices in the Technology Sector: Reflections on Recent Survey Findings

October 12, 2020 20:00 - 27 minutes - 18.7 MB

Some of the world's top-performing development teams are in the technology sector. It should be no surprise that Agile and DevOps adoption rates are highest among these teams, where pace of change and speed are often critical business differentiators. Those unable to keep up discover their revenues and customer base shrinking. This Inside AppSec podcast examines findings from a recent survey report published by Contrast Security that sought to discover the state of application security...

Serious Vulnerabilities Increase While Overall Vulnerabilities Decrease in July-August

October 09, 2020 17:00 - 18 minutes - 12.4 MB

Contrast Labs’ latest bimonthly research findings (“Application Security Intelligence Report”) unearthed some positive vulnerability and attack trends. Overall application vulnerabilities decreased, and the number of attacks hitting an existing vulnerability in production also shrank to just 1%. But a deeper look reveals cause for concern due to the lack of prioritization in vulnerability management, attacks on .NET applications, and more. Listen to this Inside AppSec podcast with Contrast S...

Contrast-on-Contrast Use Cases and Business Value Analysis: Key Insights and Learnings

September 24, 2020 16:00 - 23 minutes - 16.2 MB

From almost day one of development, Contrast has used the Contrast Application Security Platform to secure and protect TeamServer, the UI and analytics engine for the Contrast platform. In this podcast, David Hafley, the vice president of engineering whose team oversees the development of TeamServer, discusses features and integrations in the Contrast platform that his team uses. Tim Franklin, the business value analysis program manager at Contrast, joins the conversation to overview the cos...

DevSecOps Consultant Discusses AppSec Trends and Provides Career Insights and Recommendations

September 09, 2020 21:00 - 34 minutes - 23.5 MB

Too often, DevOps and AppSec are spoken about in two different vernaculars. The reality is that they are joined at the hip, and their individual successes are contingent on one another, whether the goal is faster business acceleration, improved efficiency, or better risk management. In this Inside AppSec podcast, EVOTEK's IT Strategist Greg Sternberg discusses how DevOps and AppSec must be thought of together and spells out some of the key trends that he sees taking place in DevSecOps. Greg also ex...

Application Security Through the Lens of Risk Management

August 19, 2020 21:00 - 35 minutes - 24.5 MB

As cyber criminals have become more advanced in their use of attack techniques and the digital world expands at a record rate, the need for organizations to assess their risks and develop policies to manage those risks continues to grow. Applications are certainly on the front battle lines, with almost half of data breaches in the past year being tracked back to application vulnerabilities. This podcast features award-winning author and risk assessment and policy development expert Doug Land...

SQL Injection Vulnerability and .NET Application Attacks Spike

August 11, 2020 13:00 - 18 minutes - 12.9 MB

Contrast Labs’ latest bimonthly research findings (“Application Security Intelligence Report”) look at application vulnerability and attack trends alongside COVID-19 data, identifying potential areas of alignment. Attacks on SQL injection and broken access control vulnerabilities were up considerably. With SQL injection vulnerabilities found in more than twice the number of applications compared with vulnerabilities in general, this serves as a warning light for those responsible for application securi...

Key Takeaways from Contrast’s “2020 Application Security Observability Report”

July 24, 2020 12:00 - 24 minutes - 16.8 MB

Digital transformation is driving a dramatic acceleration in the development of new applications and the evolution of existing ones. But the expanded application attack surface and demands for greater velocity in application development cycles ratchet up risk and impede innovation. Contrast’s “2020 Application Security Observability Report” provides development, security, and operations professionals with a deep dive and analysis around application vulnerabilities, attacks, open-source frame...

Serious Vulnerabilities Increase 23% Per New Bimonthly AppSec Intelligence Report

July 02, 2020 00:00 - 14 minutes - 10 MB

Contrast Labs publishes research findings based on customer vulnerability and attack data in a bimonthly report. The March-April report pinpoints what percentage of applications contain vulnerabilities and how many vulnerabilities exist on average per application. It also identifies vulnerability attacks that spiked the most over the two-month time frame as well as which vulnerabilities pose the greatest risk based on prevalence and likelihood factors. In this Inside AppSec podcast, Contrast...

Instrumentation Disrupts Application Security—from Development Through Production

June 25, 2020 15:00 - 33 minutes - 23.1 MB

Legacy application security approaches simply cannot scale to the velocity demands of modern software development. As they lack vulnerability context because they run outside of the software, they slow development cycles, impede innovation, and incur substantial inefficiencies and cost. When applications are released into production, this same outside-in approach generates huge numbers of false positives while requiring operations teams to spend significant time calibrating and recalibrating...

An Interview with New Contrast Board Member and Industry Cybersecurity and APM Pioneer Joe Sexton

June 17, 2020 17:00 - 35 minutes - 24.4 MB

Application performance management anchored its foundation in instrumentation, empowering developers to detect and diagnose application performance problems while writing code to meet the business’s service-level requirements. The same is happening in the area of application security, where instrumentation unlocks automation, dramatically improves accuracy, and speeds vulnerability detection and remediation. New Contrast Security Board Member Joe Sexton spent numerous years of his career in ...

Application Security from the Perspective of the Board of Directors

June 17, 2020 17:00 - 35 minutes - 24.4 MB

DevOps Trends and Best Practices: A Perspective from the Trenches

June 04, 2020 14:00 - 23 minutes - 16.1 MB

Digital transformation forms a critical part of almost every organization's business strategy. DevOps and Agile are critical enablers as organizations seek to accelerate their business by enhancing existing applications and developing new ones. But DevOps and Agile—along with containers, microservices, and multiple clouds—introduce new complexities and challenges. In this Inside AppSec podcast, IBM's Developer Advocate JJ Asghar discusses what trends he is seeing in the marketplace and what ...

When Application Vulnerabilities Are First Reported on Social Media: Strategies and Recommendations

May 29, 2020 23:00 - 15 minutes - 10.7 MB

The U.S. Department of Energy’s Pacific Northwest National Laboratory reports that one-quarter of software vulnerabilities appear on social media sites—GitHub, Twitter, and Reddit—before they are logged in the National Vulnerability Database. Cybersecurity professionals aren’t the only ones to notice; cyber criminals are busy exploiting this gap. Should professionals tasked with application security be using social media to identify software vulnerabilities? Or is there a better way? In this...

Exploring the Risks of Python in Applications and How to Protect Your Applications from Them

May 26, 2020 15:00 - 27 minutes - 19 MB

Developers are embracing the Python programming language in growing numbers. It is the most studied language among developers and is used for myriad applications. As a dynamically typed language (unlike Java and C, which are statically typed), Python does not fix a variable's type until runtime. For application security to do its job accurately and effectively, Python code must be evaluated at runtime. But this is not possible with legacy AppSec approaches such as static appl...

Application Security: A Priority for Managing Business Risk for Today's CISO/CSO (Part 2)

May 21, 2020 23:00 - 12 minutes - 8.35 MB

Historically, application security was only in the peripheral purview of the CISO/CSO. But times are changing according to executive cybersecurity recruiter André Tehrani (partner at Recrewmint). In this podcast (part two of a two-part series), André discusses why his firm’s clients are placing application security at the top of the list of skillsets and experience when they engage his firm to identify and recruit new CISOs/CSOs. Firms in the midst of recruiting their next CISO/CSO will lear...

What It Takes to Be a Winning CISO/CSO Candidate (Part 1)

May 21, 2020 20:00 - 28 minutes - 19.9 MB

This podcast—the first in a two-part series—features an interview with André Tehrani, a partner at Recrewmint, a firm focused singularly on cybersecurity recruiting services at the executive level. André explains how the role of the CISO/CSO has never been so difficult. C-suite executives and boards of directors are seeking CISOs/CSOs with not only the technical cybersecurity skills and experience but also broad business acumen. Soft skills are more than just differentiators for winning cand...

Strategies and Tactics Managing Open-Source Risk (Part 2)

May 13, 2020 23:00 - 16 minutes - 11.6 MB

Open-source software (OSS) is critical to software development, accelerating time to market while reducing operating costs. But like any software, OSS introduces layers of risk, both security and IP. Successfully managing OSS is increasingly tied to automating application security processes. With automation, organizations can track the open-source components in use, understand the underlying layers of risk, and take effective mitigation actions. In this Inside AppSec podcast interview, the ...