The Secure Developer http://www.heavybit.com/library/podcasts/the-secure-developer/ A podcast about security for developers, covering tools and best practices. Mon, 22 May 2017 17:17:05 +0000

Ep. #10, Dynamic Authorization: The Evolution of Access Controls http://www.heavybit.com/library/podcasts/the-secure-developer/ep-10-dynamic-authorization-the-evolution-of-access-controls/ Fri, 28 Apr 2017 14:25:00 +0000 http://www.heavybit.com/?p=4826 In the latest episode of The Secure Developer, Guy is joined by Aren Sandersen. They examine the current state of access control systems and discuss the need for better education and tooling to support time-bound dynamic access control.

Aren also explains why most startups consider security too late and reveals the minimum mindset that all early stage startups need to adopt to manage their attack surface.

Duration: 26:57

Ep. #9, Making Security More Inclusive http://www.heavybit.com/library/podcasts/the-secure-developer/ep-9-making-security-more-inclusive/ Mon, 20 Mar 2017 19:03:00 +0000 http://www.heavybit.com/?p=4824 In the latest episode of The Secure Developer, Francois Raynaud joins Guy to discuss the current state of IT security, and steps to improve it at your startup.

Francois explains why a cultural shift is needed to make security more inclusive, with security professionals taking on a greater mentoring and guiding role. Francois discusses why he created DevSecCon, a Development Security Conference aimed at fostering inclusion. He also shares approaches for DevOps and Security teams to better understand what other teams are trying to achieve so they can work collaboratively and improve business security.

Duration: 30:17

Ep. #8, What’s In A Security Policy? http://www.heavybit.com/library/podcasts/the-secure-developer/ep-8-whats-in-a-security-policy/ Thu, 16 Feb 2017 14:00:00 +0000 http://www.heavybit.com/?p=4442 In this episode of The Secure Developer, Geva Solomonovich, COO at Snyk and founder of Snowy Peak Security, joins Guy to discuss security policies and why you shouldn't wait to implement your own.

Geva shares the 3 categories of security policies he developed with his clients and emphasizes that it’s not enough to create a set of documents or processes. You need to establish a security mindset and integrate it into everything you do. Don’t miss this episode for practical tips on reducing your company’s risk surface.

Duration: 32:00

Ep. #7, Understanding Container Security http://www.heavybit.com/library/podcasts/the-secure-developer/ep-7-understanding-container-security/ Mon, 30 Jan 2017 19:51:48 +0000 http://www.heavybit.com/?p=4456 In this episode of The Secure Developer, Ben Bernstein from Twistlock joins Guy to discuss container security. Are you currently using containers, or thinking about moving to containers in your stack? You won’t want to miss this episode.

With containers, developers control the entire stack. While empowering to developers, this can also open up new security vulnerabilities. Ben and Guy discuss the tools and processes you’ll need to put in place to ensure your containers are compliant and secure.

Duration: 29:12

Ep. #6, Developer War Games: Capture The Flag! http://www.heavybit.com/library/podcasts/the-secure-developer/ep-6-developer-war-games-capture-the-flag/ Tue, 10 Jan 2017 08:05:00 +0000 http://www.heavybit.com/?p=4152 In episode #6 of The Secure Developer, Guy is joined by his Snyk.io co-founder Danny Grander for an in-depth discussion on CTF (Capture The Flag) competitions in the security world. Learn about the differences between jeopardy-style and attack-defense CTFs, the future of AI-powered hacking (and defense!), and where you should start if you're interested in playing.

Duration: 22:31

Ep. #5, Continuous Security at Chef http://www.heavybit.com/library/podcasts/the-secure-developer/ep-5-continuous-security-at-chef/ Tue, 15 Nov 2016 15:45:00 +0000 http://www.heavybit.com/?p=4156 In the fifth installment of The Secure Developer, Guy talks with Chef CTO Adam Jacob about the role security can play in DevOps and continuous integration/deployment. They cover the differences between baked-in and bolted-on security and how automation with Habitat can change the way developers approach secure coding.

Duration: 42:58

Ep. #4, Getting Down To The Metal http://www.heavybit.com/library/podcasts/the-secure-developer/ep-4-getting-down-to-the-metal/ Sat, 05 Nov 2016 14:45:00 +0000 http://www.heavybit.com/?p=4148 In episode #4 of The Secure Developer, Guy is joined by Eric Lawrence of the Google Chrome security team. Eric and Guy begin with a discussion on what it takes to be a great security engineer - namely curiosity and a willingness to learn. Later they discuss the growing importance of the modern web browser, and how security previously only found in operating systems is now moving into browsers themselves. Finally they discuss the current state of HTTPS, including the carrots and the sticks that browser designers like Eric have at their disposal.

Duration: 47:33

Ep. #3, Security From The Start http://www.heavybit.com/library/podcasts/the-secure-developer/ep-3-security-from-the-start/ Wed, 26 Oct 2016 08:12:31 +0000 http://www.heavybit.com/?p=4033 In episode 3 of The Secure Developer, Guy is joined by Sabin Thomas, VP of Engineering at Codiscope, where he creates tools that help developers build and deploy secure code faster. The two discuss the difficulties presented by the accelerating release of new tools and frameworks, the problem of too many sticks and not enough carrots, and the benefits of designing with security in mind from the start.

Duration: 34:31

Ep. #2, Making Security A Requirement http://www.heavybit.com/library/podcasts/the-secure-developer/ep-2-making-security-a-requirement/ Mon, 10 Oct 2016 21:14:15 +0000 http://www.heavybit.com/?p=3889 In this episode of The Secure Developer, Guy hosts RisingStack Founder and CEO Gergely Nemeth. The pair discuss the difficulties of selling security as a requirement, some of the most common attack vectors used on today's web, and the work Gergely is doing on Trace, a Node.js-focused tool that makes debugging code simple.

Duration: 27:37

Ep. #1, Prioritizing Secure Development http://www.heavybit.com/library/podcasts/the-secure-developer/ep-1-prioritizing-secure-development/ Thu, 22 Sep 2016 16:25:49 +0000 http://www.heavybit.com/?p=3640 In our first episode, Guy is joined by Kyle Randolph, Principal Security Engineer at Optimizely. Kyle and Guy discuss the sometimes difficult but always important task of prioritizing security in your engineering organization. Kyle shares stories from his time at Optimizely, Adobe, and Twitter.

Welcome to The Secure Developer, a podcast about security for developers, covering security tools and practices you can and should adopt into your development workflow. The Secure Developer is hosted by Guy Podjarny, CEO and Co-founder of Snyk. Follow the show on Twitter @thesecuredev.

Duration: 28:35