Showing episodes and shows of

Tromzo


Future of Application Security
EP 60 - Appian’s Abdullah Munawar on Enhancing Product Security Amid Evolving Development Trends
In this episode of the Future of Application Security podcast, Harshil speaks with Abdullah Munawar, Director of Product Security at Appian. Abdullah shares valuable insights into his journey from security assessments and consulting to leading product security efforts, discussing the evolving challenges and strategies for building effective security programs in modern development environments. He discussed the importance of evolving security practices beyond identification to implementation within organizations, including the need for a holistic approach to product security and focusing on high-priority vulnerabilities. Abdullah also explains the challenges of maintaining data quality in AI companies. Topics di...
2024-05-22, 21 min

Future of Application Security
EP 59 - Nat Mokry on Advancing Application Security in the Gaming Industry
In our latest episode of the Future of Application Security podcast, Nat Mokry, VP of Application & Product Security at Xbox (formerly of Activision Blizzard at the time of recording), shares valuable insights into the world of application security, from the mission of defending player trust to emphasizing the importance of technical skills in cybersecurity. Nat provides guidance on building effective security teams and navigating the evolving challenges in the industry. Topics discussed: Earning and defending player trust as a guiding principle of business and strategies for making mission statements actionable. Building and structuring a d...
2024-04-24, 26 min

Future of Application Security
EP 58 — Asana's Felix Matenaar on Building Resilient Security Practices for the Future
In this episode of the Future of Application Security podcast, Harshil interviews Felix Matenaar, Head of Product Security at Asana.
Felix shares insights into his journey from Germany to Silicon Valley, where he transitioned from mobile security to leading Asana's product security efforts. The conversation highlights Felix's experience in creating security frameworks that eliminate vulnerabilities by building secure product lifecycles and ensuring alignment with business objectives. His approach integrates rigorous security measures directly into the development process, reflecting Asana's commitment to robust, proactive security. Topics Discussed: Felix discusses his transition from software engineering to...
2024-04-10, 32 min

Future of Application Security
EP 57 — Clari's Steve Lukose on Using SLAs as Benchmarks for Businesses
In this episode of the Future of Application Security, Harshil speaks with Steve Lukose, Vice President of Security at Clari, about how security is becoming a business enabler rather than just an organization. Steve explains why SLAs will become one of the benchmarks for security experts to use, but that it won’t necessarily be for all aspects of security. Still, they’ll be a great tool to help security organizations plan ahead for their next steps. They also discuss the importance of cross functional collaboration, why your team should build relationships outside of the group...
2024-03-27, 27 min

Future of Application Security
EP 56 — Aruneesh Salhotra on Why Security is Everyone’s Job
In this episode of the Future of Application Security, Harshil speaks with Aruneesh Salhotra, CEO and Fractional CISO, SNM Consulting Inc. They discuss the unique challenges and opportunities of application security in the financial sector, including how the "necessary evil" of regulations is increasing accountability around security efforts. They also talk about the need for more vigilant software supply chain security, two better approaches to vulnerability management, and how AI can create self-sufficiency among developers.
Topics discussed: The "necessary evil" of regulations and how they're increasing accountability around data storage, pen testing, and more. Two approaches...
2024-02-28, 24 min

Future of Application Security
EP 55 — BlackBerry's Christine Gadsby on What's Driving Software Supplier Transparency and Accountability
In this episode of the Future of Application Security, Harshil speaks with Christine Gadsby, VP, Product Security at BlackBerry, a software company specializing in cybersecurity. They discuss the new initiatives driving software transparency, like SBOMs and VEX, and how adoption will not only come from regulations but from companies holding their software suppliers more accountable. They also talk about the need for better telemetry practices and more connected tooling and how security professionals can get involved in industry change and mentorship. Topics discussed: The important role frameworks like NIST 800-218 and CISA's Secure By Design will...
2024-02-14, 26 min

Future of Application Security
EP 54 — LPL Financial's Chad Girouard on Improving Application Security Through Better Tools and Relationships
In this episode of the Future of Application Security, Harshil speaks with Chad Girouard, AVP Application Security at LPL Financial, a provider of investment and business solutions. They discuss how security teams can better engage with developers, and how they can encourage secure coding through scanning tools and security champion programs. They also talk about how to manage the "results deluge" with single-pane-of-glass tools, how AI can help with more meaningful reporting, and why security buy-in is a team effort.
Topics discussed: How to manage the various challenges of application security: competing tools, relationships, maturity, and...
2024-01-31, 23 min

Future of Application Security
EP 53 — ReversingLabs's Dave Ferguson on Securing Your Software Supply Chains
In this episode of the Future of Application Security, Harshil speaks with Dave Ferguson, Director of Technical Product Management, Software Supply Chain Security at ReversingLabs, which offers a software supply chain security analysis platform. They discuss the rising need for software supply chain security as a result of the complexities around how software is built today. They also talk about ways to identify novel attacks through analyzing software behaviors, how efforts like SBOMs and registries help increase transparency, and why software supply chain security needs to evolve from just looking for vulnerabilities. Topics discussed: How Dave's diverse...
2024-01-17, 24 min

Breaking Through in Cybersecurity Marketing
Exploring Roles from the Trenches to Leadership with Corin Imai
In this episode, Cybersecurity Marketing Leader and Former Security Researcher, Corin Imai, joins Maria and Gianna to discuss the individual contributor vs. head of marketing and influencer marketing relationships. Corin has been both head of marketing and an individual contributor (IC) throughout her career thus far. She initially joined Tromzo as an IC when the company was very young. From the time Corin joined, she was wearing lots of hats and constantly learning about different facets of marketing.
She has found that being head of marketing usually does mean wearing a lot of hats, and that being...
2024-01-17, 37 min

Future of Application Security
EP 52 — Gen’s Curtis Koenig on Speaking the Language of Why Security Matters
In this episode of the Future of Application Security, Harshil speaks with Curtis Koenig, Head of Application Security at Gen, a multinational software company that provides cybersecurity software and services. They discuss why it's key to be able to articulate why security matters and how it impacts business goals, and what Curtis has learned about how different industries approach risk. They also talk about how security can help engineering be more efficient by speaking their language, various metrics that can assess your training and communication, and what the future of LLMs and security looks like. Topics discussed:
2023-12-13, 27 min

CyberBytes: The Podcast
From CISO to Successful Security Founder with Harshil Parikh
Today Oliver Legg welcomed Harshil Parikh, CEO and Founder of code to cloud security vendor, Tromzo. Over the past 3 years the business has gone from strength to strength and is being regularly adopted by new enterprise security teams to solve real world application security problems. Harshil and Oliver also talk about the incredible work he does as a Co-founder of the Silicon Valley CISO Investment group, helping early stage security vendors thrive and grow.
2023-12-07, 28 min

Future of Application Security
EP 51 — Ping Identity’s Arthur Loris on How to Tell Better Stories About Your Product Security Success
In this episode of the Future of Application Security, Harshil speaks with Arthur Loris, Senior Manager, Product Security at Ping Identity, a company that provides self-hosted identity access management (IAM) solutions.
They discuss what product security constitutes at Ping Identity, the biggest challenge to great product security, and how security teams need more strategic, tactical plans to achieve their goals. They also talk about better approaches to risk remediation and why it's more effective to tell the story about how your security efforts improved the organization instead of just generating tickets. Topics discussed: How Ping Identity...
2023-11-29, 27 min

Future of Application Security
EP 50 — DryRun Security’s James Wickett on Aligning Incentives and Speaking the Same Language with Developers and Security
In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with James Wickett, co-founder and CEO of DryRun Security, a company that provides security products for developers. They discuss the misaligned incentives between developers and security and how teams can learn how to speak the same language to increase value. They also talk about how the SLIDE Model helps with context analysis, why you should focus less on control and more on context and composition in your security, and how organizations can close their knowledge gaps. Topics...
2023-11-15, 31 min

Future of Application Security
EP 51 — Las Vegas Sands’ Jonathan Kelly on Seeing Application Security Through a Different Lens
In this episode of the Future of Application Security, Harshil speaks with Jonathan Kelly, Director, Application Security at Las Vegas Sands Corp., a world leader in developing and operating international resorts. They discuss how Jonathan's background in incident response gives him a different lens through which to look at application security, and why security is becoming more behavioral-based rather than signature-based.
They also talk about how the future of AppSec will see more tool consolidation, why the biggest challenge to security is a lack of context, and why upskilling in software development will empower your security team. ...
2023-11-15, 27 min

Future of Application Security
EP 49 — Semgrep’s Colleen Dai on Building Security Strategies and Relationships with Other Teams
In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with Colleen Dai, Senior Security Researcher at Semgrep, an open source static analysis tool. They discuss strategies security teams can take to reduce false positives, use secure defaults to eliminate bug classes, and reduce complexity in security decision-making. They also talk about ways to build the relationships between security, developers, and engineers, which includes aligning on goals, communication, and recognition. Topics discussed: Colleen's background and what her security research role at Semgrep entails. How to use...
2023-11-02, 20 min

Future of Application Security
EP 48 — Chaotic Good’s Johnathan Kuskos on Testing for Functionality, Priorities, and Better Incident Response
In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with Johnathan Kuskos, Founder of Chaotic Good Information Security, a boutique professional services company. They discuss what it's like to be a pen tester, some of the unusual things found during testing, and how the 15 Minutes Rule helps you not waste time during your testing. They also talk about the tradeoffs of security when it comes to “good, fast, or cheap,” simple ways to determine priorities, and how to strengthen relationships between security and developers.
Topics discussed: H...
2023-10-26, 31 min

Future of Application Security
EP 47 — Manicode Security’s Jim Manico on Addressing OWASP Top Ten Issues Through Better Security and Developer Partnerships
In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with Jim Manico, Founder and CEO of Manicode Security, a secure coding education firm. They discuss the various challenges around certain items on the OWASP Top Ten list, including server side request forgery and access control, and how security and developers can partner for better logging and alerting. They also talk about the courses Jim offers and why the biggest one in demand today is AI and security. Topics discussed: What are...
2023-10-19, 26 min

Future of Application Security
EP 46 — TuSimple’s Madjid Nakhjiri on the Evolving Need for Automotive Cybersecurity
In this episode of the Future of Application Security, Harshil speaks with Madjid Nakhjiri, Head of Product Security and Lead Security Architect at TuSimple, a global autonomous driving technology company.
They discuss the current landscape of automotive security today, why the industry is expanding its safety initiatives to cyber security initiatives, and the standards rising up to ensure that security. They also discuss the challenges to threat analysis and remote testing for vehicles, and what role VSOCs and AI will play in the future of automotive security. Topics discussed: An overview of the current landscape of...
2023-09-20, 24 min

The Application Security Podcast
Harshil Parikh -- Deep Environmental and Organizational Context in Application Security
Harshil Parikh is a seasoned security leader with experience building security and compliance functions from the ground up. He notably built the security and compliance team at Medallia from scratch and led it through several transitions. He is also a conference speaker, and, most recently, he co-founded Tromzo. Harshil shares insights about AppSec, running a startup, selling effectively, and provides justification for his mantra, "Context is king." Harshil underscores the importance of understanding context in security, emphasizing that it's the bedrock for making informed decisions. He also brings to light the significance of data-driven metrics in application...
2023-09-19, 38 min

Future of Application Security
EP 45 — Toast’s David Kosorok on Leading Application Security with Collaboration, Empathy, and Good Data
In this episode of the Future of Application Security, Harshil speaks with David Kosorok, Director of AppSec at Toast, a restaurant point of sale and management system. They discuss how to build an application security program from the ground up by prioritizing initiatives, establishing security champions, and bringing in great people — and why gathering and analyzing good data is the foundation to it all.
They also discuss how to identify and fix struggles your team may have, why collaborating with product managers is key, and ways in which to positively impact security culture. Topics discussed: ...
2023-09-14, 33 min

Cloud Security Podcast
The Cloud to Code Dilemma - Let's Talk
Is it code to cloud or cloud to code with Harshil Parikh from Tromzo: A lot of leaders today face the inevitable question of should I start with the code or the cloud first. Harshil Parikh from Tromzo was kind enough to share his CISO experience on the topic on what each of these are and what can CISOs prioritise in their programs. Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Harshil's LinkedIn (Harshil Parikh) Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News...
2023-09-09, 24 min

Future of Application Security
EP 44 — Workrise’s Tim Kelly on How to Build a Data-Driven Application Security Program
In this episode of the Future of Application Security, Harshil speaks with Tim Kelly, Director, Security Engineering at Workrise, a technology company with a platform that supports the energy workforce. They discuss the importance of collecting, storing, and analyzing data in order to enhance application security efforts, and how to go about building a data program that does that.
They also discuss the ways in which you can use data to inform your security efforts, how to use data to help you inventory and prioritize vulnerability management, how to get to a 100% success rate with data-backed solutions, and what...
2023-08-28, 24 min

Future of Application Security
EP 43 — Avalara’s Derek Samford on Building a Security Culture with Data, Collaboration, Education, and Empathy
In this episode of the Future of Application Security, Harshil speaks with Derek Samford, Senior Director of Product Security at Avalara, a company that builds cloud-based tax compliance solutions. They discuss Derek's approach to product security, including how his team uses data to drive visibility, how feedback loops can build maturity, and how they create application grade cards that inform remediation efforts. They also discuss how everyone is invited to contribute to product security solutions, how they create custom training for each new process, and the importance of empathy. Topics discussed: How Derek's varied background brought...
2023-08-16, 35 min

Future of Application Security
EP 42 — Snowflake’s Jacob Salassi on the Science of Product Security
In this episode of the Future of Application Security, Harshil speaks with Jacob Salassi, Director, Product Security at Snowflake, a cloud computing and data management company. They discuss how Snowflake approaches product security — from what they expect engineers and developers to do, to their risk-based reporting — and why Jacob takes a scientific approach to it. They also discuss how Jacob's team creates property graphs to better understand risk flows and what to prioritize, automated threat detection, how they're writing more intelligent detections at scale, and the challenges of big data to product security.
Topics discussed: How Snow...
2023-08-02, 38 min

Future of Application Security
EP 41 — SAP’s Helen Oakley on Protecting Human Well-Being by Securing Software Supply Chains
In this episode of the Future of Application Security, Harshil speaks with Helen Oakley, Lead Architect for Software Supply Chain Security at SAP, which develops enterprise software for business operations. They discuss the need for software supply chain security, especially considering how much of software is open source today, and what the current state of adoption is across industries. They also discuss how you can optimize SBOMs and the misconceptions around them, where organizations can start implementing software supply chain security, and why it's needed to protect both infrastructure and human life. Topics discussed: What software...
2023-07-26, 26 min

Future of Application Security
EP 40 — Steve Springett on Solving Software Supply Chain Security and SBOM Challenges
In this episode of the Future of Application Security, Harshil speaks with Steve Springett. They discuss the broad definition of what software supply chain security is, the implementation of SBOMs after the White House's Executive Order, and how organizations can effectively adopt, operationalize, and use SBOMs. They also discuss the biggest drivers for better software supply chain security, why you need to manage more than just vulnerabilities, and how organizations can start chipping away at their software security chain problems. Topics discussed: Steve's broadly encompassing definition of software supply chain security.
How organizations scrambled to adopt a...
2023-07-19, 33 min

Future of Application Security
EP 39 — A Modernized and Scalable Approach to Product Security with Origami Risk’s Prajakta Badhe
In this episode of the Future of Application Security, Harshil speaks with Prajakta Badhe, Head of Product Security at Origami Risk, which provides risk software to the insurance industry. They discuss how product security is different from application security, the ways in which Prajakta evaluates a product’s risk, and why she always gives context as to why a vulnerability needs remediation. They also discuss the security culture at Origami Risk, three steps for building a robust security program, and where AI will fit into product security's future. Topics discussed: The evolution of Prajakta's career, starting as...
2023-07-12, 28 min

Future of Application Security
EP 38 — Avalara’s Anthony Ungerman on the Imperative for Security-Minded Organizations
In this episode of the Future of Application Security, Harshil speaks with Anthony Ungerman, VP Product Security at Avalara, a tax software company. They discuss what product security encompasses beyond application security, how the security team at Avalara works with engineers, and how they articulate business value to increase security implementation. They also discuss security automation, approaches for security training, and what's in store for the future of product security.
Topics discussed: The evolution of Anthony's career as a "lifelong computer junkie," including how he was introduced to security, and how he learned security by practicing...
2023-07-06, 29 min

Future of Application Security
EP 37 — Choosing AppSec Priorities: Software Supply Chain, Code-to-Cloud Business Context and Metrics
Tanya Janca, Founder of We Hack Purple, and Eric Sheridan, Chief Innovation Officer at Tromzo, join us for a special episode of the Future of Application Security Podcast. This episode was originally recorded as a LinkedIn Live on June 25, 2023. Tanya and Eric discuss how understanding the context in which applications operate is crucial for effective AppSec prioritization. You don't want to miss this insightful session to uncover how to choose AppSec priorities based on software supply chain security, code-to-cloud business context, and metrics. Let's empower organizations to strengthen their Application, Product, and Cloud Security practices and stay a...
2023-06-28, 55 min

Future of Application Security
EP 36 — Highspot’s Joe Basirico on How to Build Security by Building Trust
In this episode of the Future of Application Security, Harshil speaks with Joe Basirico, Senior Director of Product Security at Highspot, a sales enablement platform. They discuss how product security's evolution has increased its focus on relationships and trust-building, why security is like fixing a leaky faucet, and how to prioritize for more efficiency and impact. They also discuss where product security is going and how AI will help it get there, the elements for security at scale, and how to better collaborate with developers.
Topics discussed: Why Joe "fell in love with security" a...
2023-06-21, 30 min

Future of Application Security
EP 35 — Streamlining and Accelerating Your Product Security with iHerb’s Mike de Libero
In this episode of the Future of Application Security, Harshil speaks with Mike de Libero, Director of Product Security at iHerb, an online health and wellness shop. They discuss the ways in which automation helps lighten the workload and creates more consistency, when you need to hire someone for security automation, and what to look for when scaling visibility. They also discuss how the role of product security has evolved, the benefits and drawbacks of today's tools, and how to build more effective remediation. Topics discussed: How to implement automation to lighten the load of product...
2023-06-15, 25 min

Future of Application Security
EP 34 — The Future of AppSec: People, Processes, and Progress with Coalfire’s Warren Kopp
In this episode of the Future of Application Security, Harshil speaks with Warren Kopp, Application Security Consultant at Coalfire, a cybersecurity advisor. Together they discuss how better application security involves building relationships with the people behind the processes, and why skills like communication, collaboration, and an understanding of psychology are keys to moving forward security initiatives. They also discuss the increasing availability of security training today, how to think more aggressively about security, and why the future of AppSec will focus on expansion.
Topics discussed: How Warren "backed into technology" after getting a degree in animation...
2023-06-07, 30 min

Future of Application Security
EP 33 — Democratizing Security and Implementing Change with Twilio’s Ariel Shin
In this episode of the Future of Application Security, Harshil speaks with Ariel Shin, Senior Product Security Engineer at Twilio, a company that provides businesses the tools to connect with customers through automated messaging. Ariel shares the story of how she implemented a democratized, centralized vulnerability management program at Twilio, which included conducting interviews to gauge the current state of vulnerability management, designing a new process that got everyone on the same page, getting buy-in by going on a roadshow across the company, and how they're currently managing the program after rollout. Topics discussed: Ariel's journey...
2023-06-01, 39 min

Future of Application Security
EP 32 — Leading with Context - Where Institutional Knowledge Cannot Scale
In the ever-evolving landscape of application security, organizations face the challenge of effectively scaling and growing their AppSec programs. On this episode of the Future of Application Security podcast, Harshil Parikh interviews Ty Sbano, the CISO of Vercel, who brings years of experience and expertise in the field of cybersecurity. During their conversation, Ty and Harshil shared their valuable experiences and learnings from scaling AppSec programs in small and large organizations. They also address topics such as gaining visibility into software artifacts, asset ownership and responsibility, and identifying critical tools for the business.
Topics discussed:...
2023-05-24, 30 min

Future of Application Security
EP 31 — Cloudflare’s Sri Pulla on Building Collaboration and Synergies for Better Product Security
In this episode of the Future of Application Security, Harshil speaks with Sri Pulla, Director, Application Security at Cloudflare, a company that wants to "build a better internet" through its cloud platform of network services. They discuss how Cloudflare protects its products, uses risk scoring for prioritization and decision making, and why the engineering team must answer a security questionnaire before each deployment. They also discuss how to better collaborate across teams — engineering, privacy, compliance, and legal — and how Cloudflare is moving to a centralized team model to better scale their security. Topics discussed:
2023-05-17, 24 min

Future of Application Security
EP 30 — C.H. Robinson’s Jason Espone on Building Business Resiliency Through Application Security
In this episode of the Future of Application Security, Harshil speaks with Jason Espone, Global Head — Application Security Engineering | Cybersecurity at C.H. Robinson, the world’s most powerful logistics platform allowing customers to ship goods around the world. They discuss the challenges of addressing tech debt at a 117-year-old company, strategies to manage a vast application portfolio, and the importance of being able to articulate risk to leadership. They also discuss how application security plays a part in business resiliency, and how to think about data-driven application security.
Topics discussed: Jason's career evolution, from starting as a...
2023-05-10, 32 min

Future of Application Security
EP 29 — A Conversation on the State of AppSec with Reddit’s Matt Johansen and Semgrep’s Clint Gibler
In this special edition of the Future of Application Security podcast, Harshil speaks with Matt Johansen, Principal Security Architect at Reddit, a community and content-sharing site, and Clint Gibler, Head of Security Research at Semgrep, an open source static analysis tool. Together they discuss how the world of AppSec has changed, including the more widespread adoption of a shift-left mentality, and how more best-in-breed tools are being created for developers today. They also discuss the ways in which you can adopt frameworks and tooling into current workflows, how to meet developers where they are, and how to incentivize practicing...
2023-05-03, 37 min

Future of Application Security
EP 28 — Injecting Better Security into Products and Processes with Dremio’s Emre Saglam
In this episode of the Future of Application Security, Harshil speaks with Emre Saglam, Head of Security and Compliance at Dremio, a data lakehouse that empowers data engineers and analysts with easy-to-use self-service SQL analytics. They discuss the current state of AppSec, including how to improve security by prioritizing business implications, using frameworks, and having tools "closer to the ground." They also talk about how to structure security teams, how much time you should spend with product teams, what skills are needed for future success, and more.
Topics discussed: Emre's career evolution in security, from breaking...
2023-04-19, 37 min

Future of Application Security
EP 27 — Mohit Kalra: How Sprinklr Scales Product Security
In this episode of the Future of Application Security, Harshil speaks with Mohit Kalra, Vice President of Product Security at Sprinklr, a platform that enables the world's largest enterprises to market, advertise, research, care, and engage consumers. Together, they take a look at the overall management of product security in a SaaS organization that needs to keep a large amount of customer data safe. Mohit's advice includes how to prioritize your product security program, become more aware of your environment, make listening and learning a security process, and other useful tips, tricks, and strategies that any security leader can...
2023-04-12, 36 min

Future of Application Security
EP 26 — Derek Fisher: How Envestnet Scales Product Security
In this episode of the Future of Application Security, Harshil speaks with Derek Fisher, the Head of Product Security at Envestnet, a publicly traded financial technology company that connects people's daily financial decisions with their long-term financial goals. Derek is a highly accomplished professional with an exceptional track record in engineering and information security. With his experience as an award-winning author, speaker, leader, and university instructor, Derek provides valuable insights into the world of application security and risk management. Key topics discussed: The step-by-step approach to build a mature application security program.
Utilizing tools like dynamic...
2023-04-05, 38 min

Future of Application Security
EP 25 — Navigating the Complex World of Software Supply Chain Security with Schneider Electric’s Cassie Crossley
In this podcast episode of the Future of Application Security, Harshil speaks to Cassie Crossley, VP of Supply Chain Security at Schneider Electric, a global specialist in energy management and automation. Cassie is responsible for overseeing the cybersecurity strategy and ensuring the security of the company's products and services. With a wealth of experience from her leadership roles at well-known companies like Ceridian, Hewlett-Packard, McAfee, Lotus, and IBM, Cassie brings a unique perspective and valuable insights to the discussion on software supply chain security. Key Topics Discussed: Addressing sophisticated threats in software supply chains. Integrating supply...
2023-03-29, 39 min

Future of Application Security
EP 24 — Innovating Application Security with Industry Expert Eric Sheridan
In this special episode of the Future of Application Security, Harshil interviews Eric Sheridan, Tromzo’s recently appointed Chief Innovation Officer. Eric shares his 20-year journey in security, from his teenage encounter with Punters (little apps that would flood the target with AIM messages and knock them offline) to developing innovative security technologies at companies including WhiteHat Security (now part of Synopsys). They discuss Eric's experience in building security testing tools, co-founding a company specializing in scanning source code for vulnerabilities, and working on various application security projects throughout his career. The conversation delves into the current challenges and fu...
2023-03-28, 29 min

Future of Application Security
Ep 23 — Martin Nystrom: How Lumen Scales Product Security
In this episode, Harshil is joined by Martin Nystrom, Vice President Of Product Security at Lumen.
Lumen is the world’s largest provider of communications, network services, and cloud security solutions. The Lumen platform enables companies to capitalize on emerging technologies and next-gen business applications, offering simplified security solutions that allow their customers to shift their focus from IT to innovation.
Topics Discussed:
- The future of application security and the implications of security management in a multi-cloud environment
- Martin’s advice for product security professionals starting out in the application security space
- How OK...
2023-03-16, 30 min

Future of Application Security
Ep 22 — How to Find the Right Balance Between Compliance and Security with KnowBe4’s Senior Director of Product Security, Bradley Petzer
KnowBe4 is the world's largest integrated Security Awareness Training and Simulated Phishing platform. KnowBe4’s training program is designed to help organizations address their most pressing IT security issues. With proper security awareness training, teams are able to make better security decisions, and help build a strong security culture within their organization. In this episode, Harshil chats with Bradley Petzer, Senior Director of Product Security at KnowBe4. Bradley shares the importance of finding the right balance between compliance and security, and why priority should be given to having true risk management solutions in place.
2023-03-02, 28 min

Future of Application Security
EP 21 — Red Hat’s Emmy Eide on How To Build A Strong Software Supply Chain Security Program
In this episode, Harshil chats with Emmy Eide, Director of Product Security at Red Hat, a leading provider of open source software solutions that enable enterprises to seamlessly work across various platforms and environments.
Emmy shares how she came to lead the team handling software supply chain security at Red Hat, and gives us a look into what makes for a good software supply chain security program - by utilizing tools, risk management best practices, and implementing security controls to protect the supply chain from threats and vulnerabilities. Topics discussed: Why software supply chain...
2023-02-15, 30 min

Future of Application Security
EP 21 — Toast’s Director of AppSec David Kosorok on How a Customer-Centric Culture Improves Security
In this episode, Harshil is joined by David Kosorok, Director of Application Security at Toast, a cloud-based software company that provides an all-in-one point of sale system for restaurants to easily manage and track orders, and helps them to improve their operations, increase sales, and enhance overall customer experience. David has been in the software and security industry for over two decades, having worked for companies like Docusign, Hyland, and SAP Concur. Today, David shares some insights on how to build and leverage a culture of security to drive success within a company. ...
2023-02-08, 37 min

Future of Application Security
EP 20 — Naomi Buckwalter: Closing the Demand Gap in Cybersecurity and Building Diverse Teams
In this episode, Harshil is joined by Naomi Buckwalter, Director of Product Security at Contrast Security. Contrast Security is an application security platform that helps developers and security teams write secure code and protects business applications against targeted cybersecurity attacks. The Contrast platform is able to effectively identify actual vulnerabilities from false positives, resulting in faster remediation.
With more than two decades of experience in IT and Security, Naomi shares some tips on how to run a product security program, how to build a diverse team, and how to refine the hiring process to empower managers to...
2023-01-18, 35 min

Future of Application Security
EP 19 — Kevin Paige, CISO: How Supply Chain Company Flexport Scales AppSec
Technology has been growing by leaps and bounds but most supply chain processes for shipping, storing, and trading goods have remained fragmented. Flexport is the first to connect the entire ecosystem of global trade, empowering buyers, sellers and logistics providers to grow and innovate. Flexport’s platform sets a new standard for global trade by simplifying supply chain management. In this episode, we are joined by Kevin Paige, CISO at Flexport. Kevin utilizes his two decade long work experience in IT and security to help the company streamline and optimize business processes, mitigate risks, and accelerate growth by...
2023-01-05, 32 min

Future of Application Security
EP 18 — Daniel Wood, CISO: How Unqork Scales Product Security
Unqork is a no-code application platform that helps large enterprises rapidly build complex custom software by completely removing the usual development challenges of a traditional code-based approach. In this episode, Harshil chats with Unqork’s Chief Information Security Officer, Daniel Wood, to learn more about how he’s helped build and scale the company’s product security program. Daniel has more than a decade of experience in cybersecurity having worked as an information security analyst, and lead security engineer in previous roles.
Topics discussed: Daniel’s career journey and his transition from risk-bas...
2022-12-14, 35 min

Future of Application Security
EP 17 — SolarWinds VP of Security Tim Brown: Behind the Scenes of the 2020 SolarWinds Breach
Those in IT, DevOps, and SecOps are all too familiar with the demands of a complex and dynamic technological landscape. For more than two decades, SolarWinds has helped technology professionals and organizations manage and adapt to an ever-expanding ecosystem of IT applications and infrastructure. In this episode, Tim Brown, Vice President of Security at SolarWinds, gives us an insider view of the 2020 cyberattack where hackers slipped malicious code into the company's popular network management system and software program, Orion. He shares how his team worked tirelessly to resolve the breach, and how this incident has brought light to...
2022-11-30, 34 min

Future of Application Security
EP 16 — Mukund Sarma: How Chime Built a Scalable Product Security Program
Chime, one of the fastest growing players in the financial technology space, has a mission of providing financial stability for their customers by eliminating many of the issues that come with traditional banking. In today’s episode, Mukund Sarma, Director of Product Security at Chime, shares how he helps his team address the challenges in building security programs, and maintaining a solid and proactive security culture within the company. Topics discussed: How Mukund got started in cybersecurity. His experience in building application security programs for FinTech companies. Different approaches in risk mitigation in FinTech, pro...
2022-11-09, 36 min

Future of Application Security
EP 15 — Tejpal Garhwal: How Pegasystems Scales AppSec
Pegasystems’ Pega Platform is a powerful low-code platform for AI-powered decisioning and workflow automation.
The platform makes it easier for enterprises to work smarter, unify experiences, and quickly adapt. As a publicly traded company with a multi-billion dollar market cap, more than 6,000 employees, and a global customer base, security is critical to the success of the company. In this episode of the Future of Application Security podcast, Harshil speaks to Pegasystems’ Director of Application Security, Tejpal Garhwal to learn about how Pega approaches AppSec. With a strong software development background and deep expertise in Application Security, Tejpal has sp...
2022-10-26, 33 min

CISO insiders
#054 - Harshil Parikhil, Co-Founder & CEO at Tromzo
Today I had the opportunity and privilege to speak with Harshil Parikh. Harshil is a CISO turned founder. He is currently the CEO & Co-Founder of Tromzo - an Application Security Management Platform that helps organizations orchestrate their SDLC. We spoke about the commonalities between being a CISO and being a founder, about how challenging an environment the Silicon Valley is and much more. Join us to learn more
2022-10-17, 41 min

Future of Application Security
EP 14 — Mark Stanislav: How FullStory Continuously Measures and Improves Its Product Security Maturity
FullStory’s mission is to equip organizations with the information they need to deliver perfect digital experiences. To deliver on that mission, their platform captures customer experience data based on understanding browser interactions. In order to capture that data, it must have a position on the end user’s browser which requires a high level of customer trust. To ensure its service is delivered securely and that trust is maintained, the company has devoted significant resources to developing a robust Product Security Program.
On today’s episode of the Future of Application Security, Harshil speaks with Ful...
2022-10-12, 37 min

Future of Application Security
EP 14 — Mark Stanislav: How FullStory Continuously Measures and Improves Its Product Security Maturity
FullStory’s mission is to equip organizations with the information they need to deliver perfect digital experiences. To deliver on that mission, their platform captures customer experience data based on understanding browser interactions. In order to capture that data, it must have a position on the end user's browser which requires a high level of customer trust. To ensure its service is delivered securely and that trust is maintained, the company has devoted significant resources to developing a robust Product Security Program. On today's episode of the Future of Application Security, Harshil speaks with FullStory’s VP o...
2022-10-12, 37 min

Business of Cyber
BoC #44: Lessons Learned as a First Time Founder; The Importance of Defining Your ICP & Perfecting Your Messaging, Not Just Building a Good Product w/ Harshil Parikh, CEO at Tromzo
Harshil Parikh is the CEO & Co-Founder at Tromzo.
2022-09-29, 28 min

Future of Application Security
Ep 13 — Daniel Harvey: How to Shift from Application Security to Product Security
The pace of software development has increased dramatically over the past ten years and the traditional approach to application security has struggled to keep up. With modern development going from code to cloud within hours, manual security checks and code reviews run the risk of slowing down releases and creating more tension between developers and security teams. To reduce this friction, organizations are shifting from the traditional application security approach to a more modern approach where security policies and controls are embedded in developer workflows.
To learn more about this shift, in today’s episode of th...
2022-09-28, 28 min

Future of Application Security
EP 12 — Rajat Bhargava: How Stripe Built a Highly Scalable AppSec Program
Stripe is the most valuable private startup in the United States with a market valuation of more than $95 billion. With more than 2 million customers spread across 46 countries and nearly 10,000 employees, the scale of Stripe is hard to fathom. To retain its position as the market leader, Stripe must continue to rapidly ship new products while at the same time ensuring those products are secure. To learn more about how Stripe has scaled their AppSec Program to keep up with the pace of development, in today’s episode, Harshil speaks with Stripe's Application Security Manager, Rajat Bhar...
2022-09-14, 28 min

Adventures in DevOps
Application Security Challenges with Harshit Chitalia - BONUS
DevOps culture and rapid cloud adoption has developers shipping code faster than ever and security is struggling to keep up. How do you ensure secure deployment while still maintaining speed with releasing applications? Today on the show, Harshit Chitalia, CTO & Founder at Tromzo shares his industry insights related to application security and applicable ideas on what developers can start trying today.
In this episode…
- Navigating application security for developers
- How to keep track of security issues
- Shift left vs. shift right
- Security automation
- Tracking security processes
- Security solutions and tools
Connect with Harshit Chitalia
LinkedIn: Harshit Chitalia
Links
Homepage - Tromz...
2022-09-01, 36 min

Future of Application Security
EP 11 - Anshuman Bhartiya: Lessons From Building Thirty Madison’s Product Security Program
Thirty Madison is a healthcare technology company that offers direct-to-consumer healthcare and wellness products for people living with chronic conditions.
Founded in 2017, the company has raised over $200 million in funding and has more than 400 employees. As a healthcare company with millions of customers, Thirty Madison has the responsibility of holding their customers' most personal information. Keeping this highly sensitive data secure is mission critical to their business. A single breach could jeopardize their reputation and ruin their relationship with their customers. To ensure their customers and employees are secure, Thirty Madison brought on Anshuman Bhartiya to...
2022-08-24, 40 min

Code Story: Insights from Startup Tech Leaders
S6 Bonus: Harshil Parikh, Tromzo
Harshil Parikh is the father of 2 daughters, as well as the father of 2 dogs. Most of the time spent outside of work is with his family, although he does love to cook, especially experimenting with pizza. Through his life, he has realized that sleep is overrated - humans can function on very little sleep... maybe not forever, but for a few weeks at a time. Through their experiences, Harshil and his co-founder found that it was difficult to make a cyber security program successful. After running through the same challenges again and again, they decided to step...
2022-08-12, 23 min

Future of Application Security
EP 10 - Dustin Lehr: How Fivetran Builds Empathy Between Developers and Security
The resounding sentiment from organizations is that there’s major tension between development and security teams. This tension makes it nearly impossible for any AppSec program to scale, making reducing this friction mission critical.
To learn how to improve the relationship between developers and security, on today’s episode of the Future of AppSec Harshil speaks with Dustin Lehr, Director of Application Security at Fivetran, a Forbes Cloud 100 company that helps companies improve the accuracy of data-driven decisions by continuously synchronizing data from source applications to any destination, allowing analysts to work with the freshest possible data. ...
2022-08-03, 28 min

Future of Application Security
EP9 - Mrityunjay Gautam: How Databricks Approaches Product Security
Databricks is responsible for massive amounts of data for more than 7,000 customers worldwide including more than 40% of the Fortune 500. This means security is mission critical and the stakes are incredibly high. To keep their customer data secure, Databricks has put major focus into building both their product security team and strategy. In January, their team had just two members and today, there are 11 with many additional roles ready to be filled. To learn more about how Databricks approaches product security, Harshil speaks with the person leading the company's efforts — Mrityunjay Gautam, Databricks Global Head of Product Security.
2022-07-20, 34 min

Future of Application Security
EP8 - Justin Anderson: How LinkedIn Built Their Vulnerability Management Program
Three years ago LinkedIn had no vulnerability management program in place. Today that’s a completely different story. Over the past three years, they built their program from scratch and rapidly scaled to keep their 25k+ employees and 800 million users safe and secure. How did LinkedIn achieve this scale so quickly and what lessons were learned along the way? On today’s episode we speak with Justin Anderson — LinkedIn’s Head of Vulnerability Management who was tasked with building out the company’s program.
Justin’s experience spans the US Air Force and MITRE offers a unique perspective on...
2022-07-06, 42 min

DevSec For Scale from Akeyless
Development Velocity With Security w/ Harshit Chitalia, Tromzo
How do you ensure secure development while maintaining the release velocity of your applications? In this episode, Harshit Chitalia, CTO & Founder at Tromzo, talks with me about his recent research study where he asked over 400 developers about their biggest Application Security challenges. We get into some of the interesting findings of the report and also discuss how vulnerabilities are found and fixed as well as tooling developers can use to do just that.
--
State of Modern Application Security: https://www.tromzo.com/resources/state-of-modern-application-security
Voice of the Modern...
2022-07-05, 34 min

Future of Application Security
EP7 - Chaitanya Bhatt: How Credit Karma Scales Their AppSec Program
Credit Karma is expanding rapidly and a huge focus for them is having a truly agile engineering team. Application security has also been a focus and their ratio of appsec engineers to developers is 1:50 which is one of the industry's best ratios. In their movement to success, today's show shares exactly how Credit Karma’s Director of Application Security Chaitanya Bhatt has tackled modern application security. Chaitanya’s perspectives and expertise come from his first-hand experience in leading security teams at organizations including eBay, AppDynamics (acquired by Cisco), and Autodesk. Key Findings: How enforci...
2022-06-15, 31 min

Future of Application Security
EP6 - Allan Swanepoel: How Automation Can Help Developers Think of Security as an Actuator
This modern SDLC has really exacerbated the fractured relationship between developers and security.
Often security is frustrated that developers cannot deliver on their laundry list of asks, and in turn, developers are sick of the legacy application security ways that slow down progress. To scale at the speed of DevOps, organizations have to eliminate this friction and improve the relationship between developers and security. Our guest today is Allan Swanepoel and during this episode, he’ll teach us exactly how we can do that by bringing the power of automation to your application security program. Al...
2022-06-01, 33 min

The Cybersecurity Readiness Podcast Series
Reducing the Disconnect Between Security and Development Teams
How do you make security a first-class citizen of the software development process? According to an industry report, “many information security engineers don’t understand software development—and most software developers don’t understand security. Developers and their managers are focused on delivering features and meeting time-to-market expectations, rather than on making sure that software is secure.” Harshil Parikh, CEO and Co-Founder Tromzo, shares best practices for reducing the disconnect between software development and information security engineers. One such practice is the establishing and automation of security guardrails for application development. To access and download the entire podcast su...
2022-05-25, 31 min

Future of Application Security
EP5 - Travis McPeak: Securing the Modern SDLC with Security Guardrails
Developers today go from code-to-cloud in a matter of hours and security teams are struggling to keep up. Legacy AppSec systems and processes are impeding their efforts to scale their AppSec program and the majority of security teams feel unprepared to govern and secure the modern SDLC. To solve this problem, organizations must rethink their approach to AppSec.
Instead of trying to force developers to learn another skill set (security), adopt new tools or slow down development, AppSec teams must focus on security policies in developer workflows. Our guest today will teach us exactly how to make t...
2022-05-17, 24 min

Future of Application Security
EP4 - Caleb Sima: How to Hire and Retain a High-Performing Security Team — Lessons From Scaling at RobinHood
To build a high-performing security team, organizations must rethink how they approach recruiting, hiring, and retaining talent. The problem is, building a great team is incredibly challenging today. With an estimated 400,000 unfilled security jobs, security teams are understaffed, burnt out, and struggling to keep up with an ever-increasing number of cyberattacks each day. Our guest today teaches us exactly what security leaders can do to overcome these challenges and build a high-performing security team. Caleb Sima is the Chief Security Officer at Robinhood. He’s spent more than 20 years in cyber security following the unconventional path of spending his early...
2022-05-04, 41 min

Future of Application Security
EP 3 - Shostack + Associates Adam Shostack: 4 Question Framework For Simple Threat Modeling
Most people think about threat modeling as an extensive, costly and heavyweight exercise. But what if it didn’t have to be? What if threat modeling could be as easy as asking and answering a few simple questions? In today’s episode, we speak with Adam Shostack about his simple four-question threat modeling framework. Adam’s framework was developed based on 20+ years of threat modeling experience ranging from startups to more than a decade at Microsoft. He believes deeply that organizations must rethink their approach to threat modeling.
In this episode, Adam walks through his framework...
2022-04-19, 32 min

Future of Application Security
EP 2 - Hitch Partners Michael Piacente: What It Takes To Become a Successful Chief Information Security Officer
CISOs have one of the most unique views of an organization. Being in charge of teams that are under enormous pressure to ship, deliver, and sell security goes beyond an effective management. Michael Piacente is the co-founder and managing director of Hitch Partners and he has been helping the CISO community for several years. In today's show, he shares his insights about the patterns that most successful CISOs have in common. Topics discussed in this episode: The attributes and skill sets of a great CISO. What Hitch Partners does...
2022-04-06, 30 min

Security Weekly Podcast Network (Audio)
ASW #190 - Harshil Parikh
Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before. It makes sense why developers view security as something that just gets in their way and slows them down. To make application security easy, we must make it developer-first. This is the future of AppSec. In the AppSec News: Okta breach, fuzzing Ru...
2022-03-29, 1h 17

Application Security Weekly (Audio)
ASW #190 - Harshil Parikh
Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before.
It makes sense why developers view security as something that just gets in their way and slows them down. To make application security easy, we must make it developer-first. This is the future of AppSec. In the AppSec News: Okta breach, fuzzing Ru...
2022-03-29, 1h 17

Application Security Weekly (Video)
How to Build a Developer-First Application Security Program - Harshil Parikh - ASW #190
Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before. It makes sense why developers view security as something that just gets in their way and slows them down. To make application security easy, we must make it developer-first. This is the future of AppSec. Segment Resources: ...
2022-03-28, 35 min

Application Security Weekly (Video)
How to Build a Developer-First Application Security Program - Harshil Parikh - ASW #190
Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before. It makes sense why developers view security as something that just gets in their way and slows them down. To make application security easy, we must make it developer-first. This is the future of AppSec.
Segment Resources: ...
2022-03-28, 35 min

Future of Application Security
EP 1 - NextRoll’s Nico Valcarcel: How to Build Empathy Between Developers and Security
In this first episode, NextRoll’s Product Security Lead Nicolas Valcarcel shares how since he was 15 he wanted to work in security. However, his career path has been far from conventional. By being part of developer teams in early-stage startups and working hand to hand with founding teams, he has been able to get a grasp on how developers and security teams see the same product in very different ways, and the common friction points that come from their interactions. In this episode, Nico shared his experience and taught us his secret sauce: Advocating for eng...
2022-03-23, 39 min

Enterprise Security Weekly (Video)
McAfee MVISION XDR, Microsoft Acquires Activision Blizzard, & Tom Brady NFTs - ESW #257
In the Enterprise Security News: 1Password plans to do some shopping with their massive Series C, Devo announces a $250M round, Permiso Security and Tromzo emerge backed by both traditional VCs and industry execs, STG spins out McAfee’s MVISION XDR product as Trellix - the first of many spinouts, they say, Microsoft reminds us that, in addition to being the industry’s largest security vendor, they can also drop $70B on video games if they feel like it, More reminders that open source is essential, but orgs with massive budgets will still treat it as worthless and disposable, Real...
2022-01-21, 1h 04

Enterprise Security Weekly (Audio)
Quality of Ingredients - ESW #257
This week, Rickard Carlsson from Detectify is with us to discuss a funeral for vulnerability management! Then, Will Clark from Accela joins us to talk about architecture and security in the trenches!
In the Enterprise Security News: 1Password plans to do some shopping with their massive Series C, Devo announces a $250M round, Permiso Security and Tromzo emerge backed by both traditional VCs and industry execs, STG spins out McAfee’s MVISION XDR product as Trellix - the first of many spinouts, they say, Microsoft reminds us that, in addition to being the industry’s largest security vendor, they can...
2022-01-21, 2h 02

Secure Ventures with Kyle McNulty
Tromzo: Harshil Parikh
Harshil:
- Co-founder and CEO at Tromzo
- Co-founder of SVCI (Silicon Valley CISO Investments)
- Previously Senior Director of Security at Medallia
Listen to the episode for our discussion on starting a company in stealth, organizing CISOs as investors, raising money with only an idea, and more.
https://www.tromzo.com/
https://www.svci.io/
2021-12-14, 49 min

The Virtual CISO Podcast
Bridging the Gap Between Security & Development Teams w/ Harshil Parikh
There is an age-old conflict between security and development teams. Development teams are focused on time-to-market and packing features into the product. Security teams are often seen as speed bumps on the way to achieving those goals. How can we bridge the gap between the two? According to Harshil Parikh, CEO at Tromzo, new methodologies are presenting an incredible opportunity for security teams to get involved in the development process in a much more effective way. Plus, there’s some exciting new software that is solving this challenge in interesting ways. In this episode, we discuss:
- Opportunities presented by ag...
2021-12-09, 49 min

Secure Talk Podcast
Application Security for Developers with Harshil Parikh, CEO of TROMZO
Harshil Parikh, CEO of TROMZO talks about developer security friction and how best to engage developers to take security seriously.
https://www.tromzo.com/
2021-11-16, 27 min