James is a General Partner at Airtree Ventures and this is a very rare public interview with him, we understand his first since 2018. James has a particular interest in software, infrastructure and fintech and led Airtree's investments in A Cloud Guru, Constantinople, DroneDeploy, Zepto, Buildkite and Secure Code Warrior. Prior to joining Airtree, James spent 15 years working in the US, UK and Asia. He was Vice President at Accel Partners, the VC fund behind Slack, Dropbox, Facebook and Spotify. James was born in Canberra and now lives in Sydney, Australia. Hosted by Vidit Agarwal, Founder of Curiosity Center and The High Flyers Podcast. It's now time to explore your curiosity. If you're keen to discuss sponsorship and partnering with us, email us at vidit@thehighflyerspodcast.com today! Contact us via our website to discuss sponsorship opportunities, recommend future guests or share feedback, we love hearing how to improve! Thank you for rating / reviewing this podcast on Apple Podcasts and Spotify, it helps others find us and convince guests to come on the show! The High Flyers Podcast re-imagines the traditional notion of a "high flyer" and is a premier product of the Curiosity Center. The podcast showcases the journeys of relatable role models from their sunrise (childhood) to today. Listeners love the unique and direct inside access to these relatable role models, companies and industries in every walk of life to help us all be 1% better every day, together. 170+ guests have joined Vidit Agarwal on the show from around the world including Heads of state, Olympians, Business and cultural leaders, Social Advocates, Investors, Entrepreneurs and more.
Past guests include: Anil Sabharwal, Mark Suster, Ahmed Fahour, Holly Ransom, Daniel Petre, Paul Bassat, Simon Holmes a Court, Michael Traill, Osher Gunsberg, Ed Cowan, Carol Schwartz, Wyatt Roy, Jack Zhang, Martijn Wilder, Holly Kramer and more. The Curiosity Center is your on-demand intelligence hub for knowledge, connections and growth to achieve your potential, every day. Join 200,000+ Investors, Founders, Decision Makers and Emerging Leaders. Learn with the world's best at www.curiositycenter.xyz
Kerno, a problem-solving technology for engineering and operations teams that swiftly monitors and troubleshoots applications, all within a matter of minutes has secured 1.69 million in a seed round led by Elkstone Ventures. Kerno was founded in 2022 by Sean Madigan, Karim Traiaia, Anibel Ambertin, Maxi Delo and Vlad Romanov, who all have extensive engineering backgrounds and have faced the very issues Kerno now solves. Despite substantial investments in observability tools, cloud-native developers can spend an astonishing 70% of their time finding and fixing production issues. Kerno reimagines the entire troubleshooting experience by empowering every engineer with the ability to swiftly monitor and troubleshoot applications, quickly and autonomously. By empowering developers, it will mobilise 90% of the engineering workforce who have the application domain knowledge - reducing the strain on already overstretched operation teams. The round is led by Elkstone Ventures, with participation from MMC Ventures in London and angel investors including Sean Mullaney (CTO at Algolia), and Stephan Schulze (CTO and MD at Project A Ventures). This financial backing will enable Kerno to double down on its engineering capabilities to further the efficiency and effectiveness of its problem-solving technology. Kerno plans to use the funding to scale across to 100k cloud-native developers and increase their employee headcount from 11 to 20 over the next 2 years. The product, which is currently still in testing with early adopters, can be installed with no code instrumentation or sidecar required, which typically bring hefty installation times and performance penalties. Kerno provides simplified, highly curated information on cloud application issues, meaning engineering and ops teams can quickly figure out when a problem occurred, how it impacts the business, what caused it, and who can fix it. 
Because Kerno can be deployed in the customer's cloud environment (at edge), it means customers can avail of their current cloud infrastructure and reduce expensive data processing and data egress costs typically associated with current monitoring solutions. Sean Madigan, co-founder and CEO of Kerno said: "Current solutions are data intensive, need continuous upkeep and ultimately have poor developer experiences. In a world where cloud applications are getting more expensive to run and troubleshoot due to complexity, accelerated release cycles, and customer expectations, developers need to be empowered to contribute. "Kerno is on a mission to deliver a true cloud-native experience, characterised by speed and cost-effectiveness, to the world of developer observability. With Kerno, development teams can reclaim their time and confidently drive innovation without compromising on speed and quality. This funding will help us accelerate time to market through increased engineering capacity and kickstart scaling to millions of developers globally." An entrepreneur with an engineering background, Sean is the former EMEA Director of Secure Code Warrior (raised over $100M from the likes of Paladin Capital Group and Goldman Sachs), where he hired and scaled the team that grew annual recurring revenue from $0 to $15M. Niall McEvoy, Venture Partner at Elkstone Ventures, said "We were impressed by Kerno's innovative approach to simplifying troubleshooting in cloud applications. Their commitment to providing a streamlined, out-of-the-box experience for engineering and ops teams sets them apart in a landscape where complexity and inefficiencies prevail. We believe in Kerno's potential to reshape how critical issues are addressed." See more stories here. More about Irish Tech News Irish Tech News are Ireland's No. 1 Online Tech Publication and often Ireland's No.1 Tech Podcast too. 
Step into the exciting world of education technology with EdTech Insiders! Join hosts Alexander Sarlin and Ben Kornell in this engaging episode as they bring you the latest news and trends from the education technology landscape.
Today, we talk to Juliet about what's wrong with security programs today and what security leaders should be doing to fix them. We'll discuss how security programs can look rosy... until the incident hits, and the true posture of the organization is laid bare. How can CISOs still look good and maintain the org's trust under the worst of circumstances? In this interview, Jules will tell us how. Zero Trust is an imperfect concept and is often impractical to deploy comprehensively at scale, but that doesn't mean it can't do any good. In this interview, we talk with practitioner Ryan Fried about his experiences implementing Zero Trust in real life. We'll also discuss his new role at Mandiant, and why the glue that holds together people, process, and tools is so important. Finally, in the enterprise security news, Secure Code Warrior raises $50M to continue educating developers on best security practices, Jamf acquires dataJAR, IronNet's public run ends soon, Microsoft puts pressure on other cybersecurity stocks, We discuss the Microsoft Storm breach, How to make engineers not hate you, Securely build features using AI APIs, WormGPT, National Cybersecurity Strategy Implementation Plan, Cybersecurity labels, Google plans to scrape everything you post for AI, & the Year of the Linux Desktop! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-324
Finally, in the enterprise security news, Secure Code Warrior raises $50M to continue educating developers on best security practices, Jamf acquires dataJAR, IronNet's public run ends soon, Microsoft puts pressure on other cybersecurity stocks, We discuss the Microsoft Storm breach, How to make engineers not hate you, Securely build features using AI APIs, WormGPT, National Cybersecurity Strategy Implementation Plan, Cybersecurity labels, Google plans to scrape everything you post for AI, & the Year of the Linux Desktop! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-324
The Barbie movie was released yesterday evening and it's expected to create huge ripple effects for Barbie-owner Mattel… and its bottom line. Elon Musk has warned that Twitter is still not profitable thanks to a chunky drop in advertising revenue and a very very large debt. An Australian cyber-tech company named Secure Code Warrior has just closed a $50m USD capital raise, with backing from Goldman Sachs. — Build the financial wellbeing of your team with Flux at Work: https://bit.ly/fluxatwork Download the free app (App Store): http://bit.ly/FluxAppStore Download the free app (Google Play): http://bit.ly/FluxappGooglePlay Daily newsletter: https://bit.ly/fluxnewsletter Flux on Instagram: http://bit.ly/fluxinsta Flux on TikTok: https://www.tiktok.com/@flux.finance — The content in this podcast reflects the views and opinions of the hosts, and is intended for personal and not commercial use. We do not represent or endorse the accuracy or reliability of any opinion, statement or other information provided or distributed in these episodes. See omnystudio.com/listener for privacy information.
In 2015, Pieter Danhieux and Matias Madou, both cybersecurity analysts, came to the realization that they wanted to provide a way to make software more secure by empowering developers with the skills and tools to enhance their speed of delivery.
For this week's episode of Breaking Through in Cybersecurity Marketing, we bring you Scott Shapiro, former Product Marketing Manager at Microsoft and the current Director and Global Head of Product Marketing at Secure Code Warrior. Scott takes us on his journey from working at a large corporation and smaller businesses to now plunging into the cybersecurity marketing space. Today, Scott also explains product marketing and how it merges with the cybersecurity field while emphasizing the value of creating a culture of learning at a company. Timecoded Guide: [00:00] Start of episode [2:38] Scott's story and getting into cybersecurity marketing [8:03] Role of Secure Code Warrior and business model [11:31] What is product marketing? [20:49] Dividing up projects in a team [33:53] Scott's product marketing strategy What is product marketing and what does it look like? Product marketing seems straightforward at the face of it—Gianna and Maria pick Scott's brain on what ‘products' are in the cybersecurity marketing space. Scott explains that at Secure Code Warrior, they split up into a growth and performance marketing team, events team, and a comms team. Scott says that, while everyone may answer the question differently, his take on product marketing is that they seek to tell the story of value drivers and problem-solving through different perspectives. “My take on product marketing is all about, we have to create value, and opportunity as we bring products to market that meet our customer's and prospects' needs.” How are you accelerating your learning in cyber to feel more comfortable as a product marketer? Scott explains that often in the cybersecurity space, people need to work together in order to nail down concepts and jargon in cybersecurity. Scott says that this starts with character traits. Humility, curiosity, and hunger around learning are key, Scott says. 
Collaboratively, teams can work on learning different aspects of cyber to then come together and show each other the ropes. Instead of Googling, he says, ask a team member to guide you in the right direction or teach you what something is. This creates a culture of learning and growth, which Scott says he tries to implement in a business culture. “Each pyre is all about saying you don't want to be a know-it-all, you just want to be a learn-it-all. And that's that mindset of curiosity in just about every setting.” How are you dividing up projects amongst your team? Scott says that, in product marketing, dividing and conquering is all in the name: some lean more towards the project side while others turn to marketing. Either way, at an early-stage company, you have to be comfortable on both sides of the house. With product, people work within inbound marketing, seeking to form deep partnerships with product management, while those in marketing focus more on outbound campaigns, partnering with email marketers or your social media. Scott also mentions a third area, which is the sales and customer success organization. Scott says that you have to balance between these three areas as a product marketer. “At the end of the day, happy employees are happy customers and a happy business.” The product marketing Venn diagram In the episode, Scott holds up two circles with his hands, illustrating two sides of a business: personal goals and interests and business needs. The thread between the two is communication, Scott says, and the better that can be, the better you can strategize in overlapping the two circles to bounce around special projects. Scott says that this is how he builds a team of product marketers and does right by them while empowering them to grow their careers, making the business successful.
“We all have things we want to grow into, and things that excite us that you might find boring that I love, or vice versa.” ---------- Links: Spend some time with our guest Scott Shapiro on Twitter and LinkedIn. Visit Secure Code Warrior on LinkedIn. Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter. Follow Gianna on LinkedIn. Catch up with Maria on LinkedIn. Join the Cybersecurity Marketing Society on our website, and keep up with us on Twitter.
OpenSSL is patched today. The misconfiguration risk to US government networks' security and compliance. Hacking Ms Truss's phone. Assistance for Ukraine's cyber defense. Joe Carrigan looks at the latest round of apps pulled from the Google Play Store. Our guest is Matias Madou of Secure Code Warrior on why cultivating a positive culture among security and developer teams continues to fall short. And a quick look at DNS threats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/210 Selected reading. Effectively Preparing for the OpenSSL 3.x Vulnerability (Akamai) How The OpenSSL 3 Vulnerability Will Really Affect Your Environment (Nucleus Security) New Critical Flaw in OpenSSL: How to Know if You're at Risk (Rezilion) Experts warn of critical security vulnerability discovered in OpenSSL (Application Security Blog) The impact of exploitable misconfigurations on network security within US Federal organizations (Titania) Liz Truss's personal phone hacked by Putin's spies (Mail Online) Truss phone was hacked by suspected Putin agents when she was foreign minister, the Daily Mail reports (Reuters) Liz Truss phone hack claim prompts calls for investigation (BBC News) Russian spies hacked Truss's personal phone (Computing) Government urged to investigate report Liz Truss's phone was hacked (the Guardian) Ministers creating ‘wild west' conditions with use of personal phones (the Guardian) Suella Braverman admits sending official documents to personal email six times (The Telegraph) Ukraine War: UK reveals £6m package for cyber defence (BBC News) DNS Threat Report — Q3 2022 (Akamai)
For this week's episode we're joined by Scott Shapiro to chat about how Product Marketing can look different depending on what stage the company is in. Scott draws on his own experience starting out in Product Marketing at Microsoft to transitioning to start-ups at different stages. We touch on things new PMMs should consider when deciding which company to join, as well as some interviewing tips from his perspective as a hiring manager. Thank you to our sponsor Product Marketing Alliance for partnering with us for season 2 of the podcast. You can use the code newtopmm for 10% off PMA's Core Certification course. Connect with Scott. Connect with Maggie.
Shahin chats with Nick Flude, CMO at Sekuro about how to plan your career progression as a marketer. As CMO, Nick has overall accountability for the company's marketing strategy and execution; as well as leading and inspiring a talented and motivated marketing team. Prior to his role at Sekuro, Nick was CMO for Secure Code Warrior, a hyper-growth VC funded cyber security start-up, and has held a variety of Marketing roles at vendors, integrators, tech start-ups, and major Telcos in the UK and Australia. Nick is known as having a ready grasp of new and emerging technologies, and rates highly on the unofficial ‘marketing nerd' scale due to his passion for all things digital and tech related. He is proud to be an Advisory Board mentor to some of the next generation of CMOs around the world. An extremely rewarding role that teaches him a lot - as well as being able to share some of his insights and knowledge gained over the years. _________________ For your copy of the State of ABM in APAC Report (2022): https://abm.xgrowth.com.au/report/ Join the Slack channel: https://growthcolony.org/slack Hosted & Produced by Shahin Hoda, Allysa Maywald & Alexander Hipwell, from xGrowth We would love to get your questions, ideas and feedback about Growth Colony, email podcast@xgrowth.com.au
Hello, and welcome to another episode of CISO Tradecraft, the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we're going to try to balance the impossible equation of better, faster, and cheaper. As always, please follow us on LinkedIn, and subscribe if you have not already done so. Shigeo Shingo, who lived from 1909-1990, helped to improve efficiency at Toyota by teaching thousands of engineers the Toyota Production System, and even influenced the creation of Kaizen. He wrote, "There are four purposes for improvement: easier, better, faster, cheaper. These four goals appear in order of priority." Satya Nadella, the CEO of Microsoft, stated that, “Every company is a software company. You have to start thinking and operating like a digital company. It's no longer just about procuring one solution and deploying one solution… It's really you yourself thinking of your own future as a digital company, building out what we refer to as systems of intelligence.” The first time I heard this I didn't really fully understand it. But after reflection it makes a ton of sense. For example, let's say your company couldn't send email. How much would that hurt the business? What if your company couldn't use Salesforce to look up customer information? How might that impact future sales? What if your core financial systems had database integrity issues? Any of these examples would greatly impact most businesses. So, getting high-quality software applications that enable the business is a huge win. If every company is a software or digital company, then the CISO has a rare opportunity. That is, we can create one of the largest competitive advantages for our businesses. What if we could create an organization that builds software cheaper, faster, and better than all of our competitors? Sounds good right? 
That is the focus of today's show, and we are going to teach you how to excel in creating a world class organization through a focused program in Secure Software Development. Now if you like the sound of better, faster, cheaper, as most executives do, you might be thinking, where can I buy that? Let's start at the back and work our way forward. We can make our software development costs cheaper by increasing productivity from developers. We can make our software development practices faster by increasing convenience and reducing waste. We can make our software better by increasing security. Let's first look at increasing productivity. To increase productivity, we need to understand the Resistance Pyramid. If you know how to change people and the culture within an organization, then you can significantly increase your productivity. However, people and culture are difficult to change, and different people require different management approaches. At the bottom of the pyramid are people who are unknowing. These individuals don't know what to do. You can think of the interns in your company. They just got to your company, but don't understand what practices and processes to follow. If you want to change the interns, then you need to communicate what is best practice and what is expected from their performance. Utilize an inquiry approach to decrease fear of not knowing, for example, "do you know to whom I should speak about such-and-such?" or "do you know how we do such-and-such here?" An answer of "no" allows you to inform them of the missing knowledge in a conversational rather than a directional manner. The middle part of the pyramid is people who believe they are unable to adapt to change. These are individuals that don't know how to do the task at hand. Here, communications are important, but also skills training. Compare your team members here to an unskilled labor force -- they're willing to work but need an education to move forward.
If you give them that, then the unskilled can become skilled. However, if you never invest in them, then you will not increase your company's productivity and lower your costs. At the top of the resistance pyramid are the people who are unwilling. These individuals don't want to change. We might call these folks the curmudgeons that say we tried it before, and it doesn't work. Or I'm too old to learn that. If you want to change these individuals and the culture of an organization, then you need to create motivation. As leaders, our focus to stimulate change will be to focus on communicating, educating, and motivating. The first thing that we need to communicate is the Why. Why is Secure Software Development important? The answer is money. There are a variety of studies that have found that when software vulnerabilities get detected in the early development processes, they are cheaper to address than later in the production phases. Research from the Ponemon Institute in 2017 found that the average cost to address a defect in the development phase was $80, in the build phase was $240, in the QA/Test Phase was $960, and in the Production phase was $7,600. Think of that difference. $80 is about 1% of $7,600. So if a developer finds bugs in the development code then they don't just save their time, they save the time of a second developer who doesn't have to do a failed code review, they save the time of an infrastructure engineer who has to put the failed code on a server, they save the time of another tester who has to create regression tests which fail, they save the time of a wasted change approval board on a failed release, and they save the customer representatives' time who will respond to customers when the software is detected as having issues. As you see there's a lot of time to be saved by increasing productivity, as well as a 99% cost savings for what has to be done anyway. Saving their own time is something that will directly appeal to every development team member.
To do this we need to do something called Shift Left Testing. The term shift left refers to finding vulnerabilities earlier in development. To properly shift left we need to create two secure software development programs. The first program needs to focus on the processes that an organization needs to follow to build software the right way. This is something you have to build in house. For example, think about how you want software to create a network diagram that architects can look at in your organization. Think about the proper way to register an application into a Configuration Management Database so that there is a POC who can answer questions when an application is down. Think about how a developer needs to get a DNS entry created for new websites. Think about how someone needs to get a website into the various security scanning tools that your organization requires (SAST, DAST, Vuln Management, Container Scanning, etc.). Think about how developers should retire servers at the end of life. These practices are unique to your company. They may require a help desk ticket to make something happen or if you don't have a ticketing system, an email. We need to document all of these into one place where they can be communicated to the staff members who will be following the processes. Then our employee has a checklist of activities they can follow. Remember if it's not in the checklist, then it won't get done. If it doesn't get done, then bad security outcomes are more likely to happen. So, work with your architects and security gurus to document all of the required practices for Secure Software Development in your company. You can place this knowledge into a Wikipedia article, a SharePoint site, a Confluence Page, or some kind of website. Make sure to communicate this frequently. For example, have the CIO or CISO share it at the IT All Hands meeting. Send it out in monthly newsletters. Refer to it in security discussions and architecture review boards.
The more it's communicated the more unknowing employees will hear about it and change their behavior. The second program that you should consider building is a secure code training platform. You can think of things such as Secure Code Warrior, HackEDU (now known as Security Journey), or Checkmarx Code Bashing. These secure code training solutions are usually bought by organizations instead of being created in-house. They teach developers how to write more secure code. For example, "How do I write JavaScript code that validates user input, sanitizes database queries, and avoids risky program calls that could create vulnerabilities in an application?" If developers gain an education in secure programming, then they are less likely to introduce vulnerabilities into their code. Make these types of training programs available to every developer in your company. Lastly, we need to find a way to motivate the curmudgeons. One way to do that is the following: Let's say you pick one secure coding platform and create an initial launch. The first two hundred people in the organization that pass the secure developer training get a one-time bonus of $200. This perk might get a lot of people interested in the platform. You might even get 10-20% of your organization taking the training in the first quarter of the program. The second quarter your organization announces that during performance reviews anyone who passed the secure software training will be viewed more favorably than their peers. Guess what? You will see more and more people taking the training class. Perhaps you see that 50% of your developer population becomes certified. Then the following year you say since so many developers are now certified, to achieve the rank of Senior Developer within the organization, it is now expected to pass this training. It becomes something HR folks look for during promotion panels.
This gradual approach to move the ball in training can work and has been proven to increase the secure developer knowledgebase. Here's a pro tip: Be sure to create some kind of badges or digital certificates that employees can share. You might even hand out stickers upon completion that developers can proudly place on their laptops. Simple things like this can increase visibility. They can also motivate people you didn't think would change. Now that we have increased productivity from the two development programs (building software the right way and a secure code training platform), it's time to increase convenience and reduce waste. Do you know what developers hate? Well, other than last-minute change requests. They hate inefficiencies. Imagine if you get a vulnerability that says you have a bug on line 242 in your code. So you go to the code, and find there really isn't a bug, it's just a false positive in the tool. This false bug detection really, well, bugs developers. So, when your organization picks a new SAST, DAST, or IAST tool, be sure to test the true and false positive rates of the tool. One way to do this is to run the tools you are considering against the OWASP Benchmark. (We have a link to the OWASP Benchmark in our show notes.) The OWASP Benchmark allows companies to test tools against a deliberately vulnerable website with vulnerable code. In reality, testing tools find both good code and bad code. These results should be compared against the ground truth data to determine how many true/false positives were found. For example, if the tool you choose has a 90% True Positive Rate and a 90% False Positive Rate then that means the tool pretty much reports everything is vulnerable. This means valuable developer time is wasted and they will hate the tool despite its value. If the tool has a 50% True Positive Rate and a 50% False positive rate, then the tool is essentially reporting randomly. 
Once again, this results in lost developer confidence in the tool. You really want tools that have high True Positive Rates and low False Positive Rates. Optimize accordingly. Another developer inefficiency is the number of tools developers need to leverage. If a developer has to log into multiple tools such as Checkmarx for SAST findings, Qualys for Vulnerability Management findings, Web Inspect for DAST findings, Prisma for Container Findings, Truffle Hog for Secrets scanning, it becomes a burden. If ten systems require two minutes of logging in and setup each that's twenty minutes of unproductive time. Multiply that time by the number of developers in your organization and you can see just how much time is lost by your team just to get set up to perform security checks. Let's provide convenience and make development faster. We can do that by centralizing the security scanning results into one tool. We recommend putting all the security findings into a Source Code Repository such as GitHub or GitLab. This allows a developer to log into GitHub every day and see code scanning vulnerabilities, dependency vulnerabilities, and secret findings in one place. This means that they are more likely to make those fixes since they actually see them. You can provide this type of view to developers by buying tools such as GitHub Advanced Security. Now this won't provide all of your security tools in one place by itself. You still might need to show container or cloud findings which are not in GitHub Advanced Security. But this is where you can leverage your Source Code Repository's native CI/CD tooling. GitHub has Actions and GitLab has Runners. With this CI/CD function developers don't need to go to Jenkins and other security tools. They can use GitHub Actions to integrate Container and Cloud findings from a tool like Prisma. This means that developers have even fewer tools from a CI/CD perspective as well as less logging into security tools. Therefore, convenience improves.
Now look at it from a longer perspective. If we get all of our developers integrating with these tools in one place, then we can look in our GitHub repositories to determine what vulnerabilities a new software release will introduce. This could be reviewed at the Change Approval Board. You could also fast track developers who are coding securely. If a developer has zero findings observed in GitHub, then that code can be auto approved for the Change Approval. However, if you have high/critical findings then you need manager approvals first. These approvals can be codified using GitHub code scanning, which has subsumed the tool Looks Good To Me (LGTM), which stopped accepting new user sign-ups last week (31 August 2022). This process can be streamlined into DevSecOps pipelines that improve speed and convenience when folks can skip change approval meetings.

Another key way we can make software faster is by performing value stream mapping exercises. Here's an example of how that reduces waste. Let's say from the time Nessus finds a vulnerability there are actually fifteen steps that need to occur within an organization to fix the vulnerability. For example, the vulnerability needs to be assigned to the right team, the team needs to look at the vulnerability to confirm it's a legitimate finding, a patch needs to be available, a patch needs to be tested, a change window needs to be available, etc. Each of these fifteen steps takes time and often requires different handoffs between teams. These activities often mean that things sit in queues. This can result in waste and inefficiencies. Have your team meet with the various stakeholders and identify two time durations. One is the best-case time for how long something should go through in an optimal process. The second is the average time it takes things to go through in the current process.
At the end of it you might see that the optimal case is that it takes twenty days to complete the fifteen activities whereas the average case takes ninety days. This insight can show you where you are inefficient. You can identify ways to speed up from ninety to twenty days. If you can do this faster, then developer time is gained. Now, developers don't have to wait for things to happen. Making it convenient and less wasteful through value stream mapping exercises allows your teams to deploy faster, patch faster, and perform faster.

OK, last but not least is making software better by increasing security. At the end of the day, there are many software activities that we do which provide zero value to the business. For example, patching operating systems on servers does not increase sales. What makes the sales team sell more products? The answer is more features on a website such as product recommendations, more analysis of the data to better target consumers, and more recommendations from the reporting to identify better widgets to sell. Now, I know you are thinking, did CISO Tradecraft just say to not patch your operating systems? No, we did not. We are saying patching operating systems is not a value-add exercise.

Here's what we do recommend. Ask every development team to identify what ike patching. Systems that have a plethora of maintenance activities are wasteful and should be shortlisted for replacement. You know the ones: solutions still running via on-premises VMware software, software needing monthly Java patching, and software where, if the wind blows the wrong way, you have an unknown error. These systems are ripe for replacement. It can also be a compelling sell to executives. For example, imagine going to the CIO and CEO of Acme corporation. You highlight the Acme app is run by a staff of ten developers who, fully loaded, cost us about $250K each.
Therefore, developing, debugging, and maintaining that app costs our organization roughly $2,500,000 in developer time alone plus hosting fees. You have analyzed this application and found that roughly 80% of the time, or $2,000,000, is spent on maintenance activities such as patching. You believe if the team were to rewrite the application in a modern programming language using a serverless technology approach the team could lower maintenance activities from 80% to 30%. This means that the maintenance costs would decrease from $2 million to $750K each year. Therefore, you can build a financial case that leadership fund a $1.25 million initiative to rewrite the application in a more supportable language and environment, which will pay for itself at the end of the second year. (No, I didn't get my math wrong -- don't forget that you're still paying the old costs while developing the new system.)

Now if you just did a lift and shift to AWS and ran the servers on EC2 or ECS, then you still have to patch the instance operating systems, middleware, and software -- all of which is a non-value add. This means that you won't reduce the maintenance activities from 80% to 30%. Don't waste developer time on these expensive transition activities; you're not going to come out ahead.

Now let's instead look at how to make that maintenance go away by switching to a serverless approach. Imagine if the organization rewrote the VMware application to run on either:

- A third-party hosted SaaS platform such as Salesforce or Office 365, or
- A serverless AWS application consisting of Amazon S3 buckets to handle front-end code, an Amazon API Gateway to make REST API calls to endpoints, AWS Lambda to run code to retrieve information from a database, and DynamoDB to store data for the application

This new software shift to a serverless architecture means you no longer have to worry about patching operating systems or middleware.
It also means developers don't spend time fixing misconfigurations and vulnerabilities at the operating system or middleware level. This means you made the software more secure and gave the developers more time to write new software features which can impact the business profitability. This serverless approach truly is better and more secure.

There's a great story from Capital One you can look up in our show notes that discusses how they moved from EC2 servers to Lambda for their Credit Offers Application Interface. The executive summary states that the switch to serverless resulted in 70% performance gains, 90% cost savings, and increased team velocity by 30% since time was not spent patching, fixing, and taking care of servers. Capital One uses this newfound developer time to innovate, create, and expand on business requirements. So, if you want to make cheaper, faster, and better software, then focus on reducing maintenance activities that don't add value to the business.

Let's recap. World class CISOs create a world class software development organization. They do this by focusing on cheaper, faster, and better software. To perform this function CISOs increase productivity from developers by creating documentation that teaches developers how to build software the right way as well as creating a training program that promotes secure coding practices. World Class CISOs increase the convenience to developers by bringing high-confidence vulnerability lists to developers which means time savings in not weeding out false positives. Developers live in Source Code Repositories such as GitHub or GitLab, not the ten different software security tools that security organizations police. World Class CISOs remove waste by performing value stream exercises to lean out processes and make it easier for developers to be more efficient.
Finally, World Class CISOs make software better by changing the legacy architecture with expensive maintenance activities to something that is a winnable game. These CISOs partner with the business to focus on finding systems that when re-architected to become serverless increase performance gains, promote cost savings, and increase developer velocity.

We appreciate your time listening to today's episode. If this sparks a new idea in your head, please write it down, share it on LinkedIn and tag CISO Tradecraft in the comment. We would love to see how you are taking these cyber lessons into your organization to make better software for all of us. Thanks again for listening to CISO Tradecraft. This is G. Mark Hardy, and until next time, stay safe out there.

References
https://www.sixsigmadaily.com/who-was-shigeo-shingo-and-why-is-he-important-to-process-improvement/
https://news.microsoft.com/speeches/satya-nadella-and-chris-capossela-envision-2016/
Galpin, T.J. (1996). The Human Side of Change: A Practical Guide to Organization Redesign. Jossey-Bass
https://www.businesscoaching.co.uk/news/blog/how-to-break-down-barriers-to-change
Ponemon Institute and IBM. (2017) The State of Vulnerability Management in the Cloud and On-Premises
https://www.bmc.com/blogs/what-is-shift-left-shift-left-testing-explained/
https://www.securecodewarrior.com/
https://www.securityjourney.com/
https://checkmarx.com/product/codebashing-secure-code-training/
https://owasp.org/www-project-benchmark/
https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security
https://medium.com/capital-one-tech/a-serverless-and-go-journey-credit-offers-api-74ef1f9fde7f
In this episode of the Product Marketing Careers podcast, Al Dea welcomes Scott Shapiro, Director and Head of Global Product Marketing at Secure Code Warrior. Scott leads the PMM team at the company, and previously, he was a Principal Product Marketer at Qualtrics where he focused on Customer Success & Growth. In this role, he brought together product marketing and marketing operations strategies to drive customer adoption, usage, and renewal. Prior to joining Qualtrics as a private company, Scott worked at Microsoft for 5 years doing product and growth marketing for Office. He helped launch the first-ever version of Office for iOS and Android, the first integration between Microsoft and LinkedIn, and the redesign of OneNote.
Want to know a free, open-source test tool for automating Salesforce apps? Why is Chaos engineering becoming a hot area? Do you know that modeling is a great way to help your security testing efforts? Find out the answers to these and other end-to-end full pipeline DevOps, automation, performance, and security testing in this episode of the test guild news show for the week of March 27.

Time / News Title / Rocket Link
0:23 / Applitools Free Trial / https://rcl.ink/xroZw
0:55 / Eran Book / https://links.testguild.com/mFg4M
1:44 / TestZeus / https://links.testguild.com/xDnDF
2:45 / Automation Mitigation / https://links.testguild.com/2n0QS
3:19 / Lightlytics / https://links.testguild.com/vfWLn
4:41 / PractiTest Survey / https://links.testguild.com/NNlHH
5:37 / Citrix Perf Webinar / https://links.testguild.com/Q9bX1
6:12 / ChaosNative / https://links.testguild.com/Lbts9
7:31 / ForAllSecure / https://links.testguild.com/J9Ml1
8:07 / Secure Code Warrior / https://links.testguild.com/im16P
9:00 / Security modeling / https://links.testguild.com/tvw2J
As the IoT ecosystem continues to grow, so does the importance of securing those IoT networks. According to Gartner, spending on IoT security solutions will reach $631 million. This is a significant leap from $91 million, which was spent in 2016, and this annual global spending statistic shows that IoT solutions are headed for a massive boom within the next decade.

According to Gemalto, another worrying stat, 48% of businesses admit that they cannot detect IoT security breaches on their network. Nearly half of the companies that use IoT can't identify when their network is compromised. As more businesses invest in IoT technology, we can only hope that this number decreases.

In this PodChats for FutureIoT, we speak to Pieter Danhieux, the Co-Founder and CEO of Secure Code Warrior about the state of IoT security.

1. Let's frame our discussion first: where can we find IoT technologies in a typical enterprise in Asia?
2. What are prevailing misconceptions about IoT security?
3. From your perspective, should leaders be concerned about IoT security?
4. Where should senior leadership begin the discussion of IoT security?
5. What should be the key considerations for revisiting the security of their IoT infrastructure?
6. What about the skills/know-how around IoT security? Do we hire or outsource?
7. What preconceived ideas should leaders set aside when discussing IoT security?
In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance, Leaked email shows Tanium just lost its fourth chief marketing officer in five years, Bitdefender launches eXtended EDR platform, ThycoticCentrify Releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ, Cybereason raises $275 million led by Steven Mnuchin's VC fund, and Arctic Wolf triples valuation and raises an additional $150m! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw234
This week, in our first segment, we welcome Rajiv Thomas, Sr Systems Engineer at Gas South LLC, to discuss Gas South and ExtraHop - A Journey of Security Partnership! In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance, Leaked email shows Tanium just lost its fourth chief marketing officer in five years, Bitdefender launches eXtended EDR platform, ThycoticCentrify Releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ, Cybereason raises $275 million led by Steven Mnuchin's VC fund, and Arctic Wolf triples valuation and raises an additional $150m! Finally, we wrap up the show with two micro interviews from RSAC featuring Deepika Gajaria of Tala Security and Scott Scheferman from Eclypsium! Show Notes: https://securityweekly.com/esw234 Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://securityweekly.com/talasecurity to learn more about them! To learn more about ExtraHop, visit: https://securityweekly.com/extrahop Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Machine Learning appears to have made impressive progress on many tasks including image classification, machine translation, autonomous vehicle control, playing complex games including chess, Go, and Atari video games, and more. This has led to much breathless popular press coverage of Artificial Intelligence, and has elevated deep learning to an almost magical status in the eyes of the public. ML, especially of the deep learning sort, is not magic, however. ML has become so popular that its application, though often poorly understood and partially motivated by hype, is exploding. In my view, this is not necessarily a good thing. I am concerned with the systematic risk invoked by adopting ML in a haphazard fashion. Our research at the Berryville Institute of Machine Learning (BIML) is focused on understanding and categorizing security engineering risks introduced by ML at the design level. Though the idea of addressing security risk in ML is not a new one, most previous work has focused on either particular attacks against running ML systems (a kind of dynamic analysis) or on operational security issues surrounding ML. This talk focuses on the results of an architectural risk analysis (sometimes called a threat model) of ML systems in general. A list of the top five (of 78 known) ML security risks will be presented. About the speaker: Gary McGraw is co-founder of the Berryville Institute of Machine Learning. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications. Gary serves on the Advisory Boards of Code DX, Maxmyinterest, Runsafe Security, and Secure Code Warrior.
He has also served as a Board member of Cigital and Codiscope (acquired by Synopsys) and as Advisor to Black Duck (acquired by Synopsys), Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). Gary produced the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine for thirteen years. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the Luddy School of Informatics, Computing, and Engineering.
Sam Crowther is the founder of Kasada, a cybersecurity solution for bot mitigation designed to beat cybercriminals at their own game. Sam got his start in entrepreneurship pretty early on, kicking off the business in 2015 at age 18. His story and the following success has been pretty unique. We talk about fundraising, managing sales cycles, and the importance of picking the right people to work with. In this episode you'll hear us mention Pieter Danhieux from Secure Code Warrior. You can hear his story here: https://soundcloud.com/cyrisesessions/cyrise-sessions-with-pieter-danhieux Sam's book recommendation is The Ride of a Lifetime, by Robert Iger: https://www.goodreads.com/book/show/44525305-the-ride-of-a-lifetime Find out more about Kasada here: https://www.kasada.io/
AUCyberscape is Australia's first consolidated online destination for understanding Australia's cyber security capabilities. It provides interactive visibility of Australian cyber security products and services available on the economy and will highlight trends, issues and opportunities in the industry. Further, it collects data that demonstrates the breadth of capability and growth of the sector, together with its ability to be globally competitive as it scales.

The platform, which is free to users and providers, allows Australian cyber security companies to showcase their products, services, business solutions and sector experience; connect with customers; and access information to support their company development and growth.

Businesses, government, investors and individuals can understand more about cyber security and their cyber security needs; search for and directly connect with Australian cyber security companies; and learn about cyber security career pathways and education opportunities.

In episode nine of ‘OzCyber Unlocked', AustCyber's CEO Michelle Price speaks to Scott Gunther (General Partner at IAG Firemark Ventures), Professor Lesley Seebeck (Honorary Professor at the ANU), Prerana Mehta (Chief of Ecosystem Development at AustCyber) and Eddie Sheehy (tech entrepreneur, investor, and non-executive director at Secure Code Warrior) about the value of AUCyberscape to the sector.

This month's ‘cyber spotlight' features Tony Smales from Forticode. Through their patented, bi-directional cryptographic process that is fully auditable and tamper proof, Forticode's product ‘Cipherise' provides a universal method for authenticating people, accepting and tracking approvals, communicating, and collecting digital signatures.

For more information about the organisations featured, visit:
AUCyberscape: www.aucyberscape.com
AustCyber: www.austcyber.com
IAG: www.iag.com.au
Forticode: www.forticode.com
Cipherise: https://cipherise.com
In this episode, Patrick Hauspie, programme adviser for Artificial Intelligence and Cyber Security, and Werner Van Horebeek talk about the book De Cyber Arena, computer hygiene rules and VLAIO's cybersecurity improvement programmes. Be sure to also take a look at https://youtu.be/k5eL_al_m7Q for the Google Maps hacks by Simon Weckert. At www.digitaletoekomst.be you will find information about Secure Code Warrior, Intigriti and the VLAIO cybersecurity improvement programmes: https://www.digitaletoekomst.be/nl/cyber-security/aan-de-slag/cybersecurity-verbetertrajecten-voor-kmos
The SDR DiscoCall Podcast: For Brand New Sales Development Reps
Elana Freeman, ISR at Secure Code Warrior, joins host Neil Bhuiyan to share how her SDR story ended up in the cyber security space! Don't miss Elana's golden nuggets for brand new SDRs.
Our guest for this episode is Pieter Danhieux. He’s the Co-founder and CEO of Secure Code Warrior, a platform that empowers developers to write secure code from the beginning. SCW was founded in 2015, currently employs 170+ staff, and has secured over $50M USD in funding. We chat about early customers, cofounder dynamics and why it’s lonely as a CEO. Pieter's book recommendation is Powerful, by Patty McCord: https://www.amazon.com.au/Powerful-Building-Culture-Freedom-Responsibility/dp/1939714095 We talk about Eddie Sheehy. He's the former CEO of Nuix, an investor, an advisor, and all-round legend. He was also a guest on this podcast and you can listen here: https://soundcloud.com/cyrisesessions/cyrise-sessions-with-eddie-sheehy
As the COVID-19 pandemic has stressed, apps need to be created, deployed, and updated faster than ever before. But without knowing it, many developers are building in security flaws at the earliest stages of coding. Pieter Danhieux, CEO of Secure Code Warrior, an Australian DevSecOps startup, is determined to change all that. In this podcast and article, Pieter speaks with Cisco Techbeat host Kevin Delaney about his efforts to bring security awareness and strategy to developers everywhere.
Open Web Application Security Project (OWASP) - Portland, Oregon Chapter
Our guests today are Glenn Bravy and Merritt Wilson.

Glenn works at Secure Code Warrior, partnering with people who believe that secure code training can be both hands-on and enjoyable. When it comes to upskilling, active learning and consistent practice outperform talent over time. When not working, Glenn is trying to hack and grow veggies at home.

Merritt Wilson also works at Secure Code Warrior. He helps customers prudently solve real world cyber security and compliance problems. He enjoys working with those who truly understand their business objectives and challenges. During his off time, Merritt's passions include anything automobile-related and woodworking.

Secure Code Warrior: https://securecodewarrior.com/

Portland Oregon OWASP Tournament Details: (July 21, 2020, 8:00 AM - July 24, 2020, 8:00 PM)
Register: https://discover.securecodewarrior.com/OWASP-Portland-tournament.html
RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/271638472/
Slack Channel: https://join.slack.com/t/owasppdx/shared_invite/zt-fid1qpsj-L_EaKW7WSxQMDzSIpubuaw

OWASP PDX Study Night: Join Sam Lemly as he helps you prepare for the tournament
RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/271905106/

Glenn and Merritt are interviewed by John L. Whiteman

Follow us, join us, be us: Homepage, Twitter, Meetup, LinkedIn, YouTube
Support the show (https://www.owasp.org/index.php/Membership#tab=Other_ways_to_Support_OWASP)
Darin and Kim are joined by Matias Madou, co-founder and CTO of Secure Code Warrior. SCW provides a fully hands-on gamified experience with metrics, leaderboards and badging enabling developers to master secure coding in different development languages and frameworks. Matias has over a decade of hands-on software security experience. He is responsible for over a dozen patents, and several papers have resulted from his research, eventually leading to a handful of commercially developed products. Find out more about Secure Code Warrior by visiting https://securecodewarrior.com/.
In today’s digitally enabled world, organisations are constantly evolving their products and services to maintain a competitive advantage with the customer. Cloud Computing and software development practices such as DevOps enable organisations to achieve high levels of agility, but often do so at the expense of security. Traditional Security practices are failing to evolve at the same rate, and this has resulted in a number of high-profile organisations falling foul of cyber-attacks. However, if done correctly, DevSecOps offers a solution to this problem. Join two DevSecOps experts from Capgemini Invent and Secure Code Warrior, as they discuss what DevSecOps means to them, where the business driver for DevSecOps comes from, how you should approach DevSecOps within your organisation and the likely challenges you may come across on that journey. With host Dan Harrison, Cap Invent; Matias Madou, CTO Secure Code Warrior and Kay Ng, Cap Invent.
Ken and Seth are joined by Matias Madou, CTO of Secure Code Warrior. Discussion of current state of application security training, static analysis tools, and just-in-time-training.
Sean Martin and Marco Ciappelli chat with Bugcrowd's Casey Ellis and Jason Haddix about some of their recent news -- including their Buggy Awards, v2 of their Traffic Control capabilities, and their new partnership with Secure Code Warrior, designed to help educate and train engineers as part of the ongoing development lifecycle, shifting the InfoSec training left in the SDLC. It’s safe to say that the team at Bugcrowd is looking to do the right thing for the InfoSec community (and the industry) in pretty much every move they make and every action they take. There’s a crowd of adversaries ready and willing to take us down and we need a crowd of educated, capable and ethical hackers to combat this threat. Learn more about Bugcrowd here: https://www.itspmagazine.com/company-directory/bugcrowd
Matias Madou is the CTO of Secure Code Warrior where he is responsible for leading the company’s technology vision and overseeing the engineering team. He joins Keith this week for the feature interview! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode03 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly
This week, Keith is joined by Doug White, host of Secure Digital Life! Matias Madou of Secure Code Warrior joins us for an interview! In the news, Red Hat has now reverted CPU patches for Spectre, Russian Twitterbots are blaming the US shutdown on Democrats, and more on this episode of Application Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode03 Visit https://www.securityweekly.com/ for all the latest episodes!