Description

In this special episode of the Future of Application Security, Harshil interviews Eric Sheridan, Tromzo’s recently appointed Chief Innovation Officer. Eric shares his 20-year journey in security, from his teenage encounter with Punters (little apps that would flood the target with AIM messages and knock them offline) to developing innovative security technologies at companies including WhiteHat Security (now part of Synopsys). They discuss Eric's experience in building security testing tools, co-founding a company specializing in scanning source code for vulnerabilities, and working on various application security projects throughout his career. The conversation delves into the current challenges and future trends of software and cloud security, emphasizing the need for a holistic approach, the importance of democratizing security, and how to integrate security into the workflows of developers and decision-makers.

Key topics discussed throughout the conversation:

• Understanding an organization's assets and the importance of a single pane of glass for visibility.
• The role of product security teams in providing guidance and operational support to engineering teams.
• The impact of developer-oriented products on security and the future role of application security engineers.
• Benefits of automated policy enforcement and integrating security into CI/CD pipelines.
• Importance of actionable insights for risk owners to effectively remediate vulnerabilities.
• The evolving role of application security teams in the context of democratizing security.
• The importance of integrating security products within non-traditional security tooling platforms, such as GitHub, GitLab, Jfrog, and Datadog.