Daily update on current cyber security threats
…
continue reading
Innhold levert av Snyk. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Snyk eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.
Lik The Secure Developer
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Player FM - Podcast-app
Gå frakoblet med Player FM -appen!
Gå frakoblet med Player FM -appen!
))
Implementing A DevSecOps Program For Large Organizations With David Imhoff
Manage episode 430397399 series 1601195
Innhold levert av Snyk. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Snyk eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.
Episode Summary
In this episode of The Secure Developer, David Imhoff, Director of DevSecOps and Product Security at Kroger, shares insights on implementing DevSecOps in large organizations. He discusses balancing regulatory compliance with business objectives, fostering a security culture, and the challenges of risk mitigation. David also explores the importance of asset management, security champions, and the potential impact of AI on cybersecurity practices.
Show Notes
In this episode of The Secure Developer, host Danny Allan speaks with David Imhoff, Director of DevSecOps and Product Security at Kroger, about implementing security programs in large organizations. David shares his experience transitioning from blue team operations to engineering and back to security, emphasizing the importance of understanding both security and engineering perspectives to create effective DevSecOps programs.
The conversation delves into the challenges of starting a security program in a large retail organization, with David highlighting the importance of understanding regulatory requirements, such as HIPAA, and aligning security measures with business objectives. He discusses the use of the NIST Cybersecurity Framework for measuring and reporting security posture to the board, and the process of balancing security needs with business risk appetite.
David explains Kroger's approach to building a security culture, including the implementation of a security champions program and the use of Objectives and Key Results (OKRs) to drive security initiatives. He details the company's strategies for centralizing security policies while allowing flexibility in implementation across different engineering teams. The discussion also covers the integration of security tools into the development pipeline, including the use of GitHub Actions for vulnerability scanning and management.
The episode explores various security technologies employed at Kroger, including Software Composition Analysis (SCA), Static Application Security Testing (SAST), API security, and secrets scanning. David shares insights on the challenges of prioritizing security alerts and the ongoing effort to provide a cohesive view of risk across multiple tools. The conversation concludes with a discussion on the potential impact of AI on security practices, including the new challenges it presents in areas such as data poisoning and model management, as well as the potential for AI to improve threat modeling processes.
Links
Follow Us
155 episoder
Del
Manage episode 430397399 series 1601195
Innhold levert av Snyk. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Snyk eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.
Episode Summary
In this episode of The Secure Developer, David Imhoff, Director of DevSecOps and Product Security at Kroger, shares insights on implementing DevSecOps in large organizations. He discusses balancing regulatory compliance with business objectives, fostering a security culture, and the challenges of risk mitigation. David also explores the importance of asset management, security champions, and the potential impact of AI on cybersecurity practices.
Show Notes
In this episode of The Secure Developer, host Danny Allan speaks with David Imhoff, Director of DevSecOps and Product Security at Kroger, about implementing security programs in large organizations. David shares his experience transitioning from blue team operations to engineering and back to security, emphasizing the importance of understanding both security and engineering perspectives to create effective DevSecOps programs.
The conversation delves into the challenges of starting a security program in a large retail organization, with David highlighting the importance of understanding regulatory requirements, such as HIPAA, and aligning security measures with business objectives. He discusses the use of the NIST Cybersecurity Framework for measuring and reporting security posture to the board, and the process of balancing security needs with business risk appetite.
David explains Kroger's approach to building a security culture, including the implementation of a security champions program and the use of Objectives and Key Results (OKRs) to drive security initiatives. He details the company's strategies for centralizing security policies while allowing flexibility in implementation across different engineering teams. The discussion also covers the integration of security tools into the development pipeline, including the use of GitHub Actions for vulnerability scanning and management.
The episode explores various security technologies employed at Kroger, including Software Composition Analysis (SCA), Static Application Security Testing (SAST), API security, and secrets scanning. David shares insights on the challenges of prioritizing security alerts and the ongoing effort to provide a cohesive view of risk across multiple tools. The conversation concludes with a discussion on the potential impact of AI on security practices, including the new challenges it presents in areas such as data poisoning and model management, as well as the potential for AI to improve threat modeling processes.
Links
Follow Us
155 episoder
Alle episoder
×
Velkommen til Player FM!
Player FM scanner netter for høykvalitets podcaster som du kan nyte nå. Det er den beste podcastappen og fungerer på Android, iPhone og internett. Registrer deg for å synkronisere abonnement på flere enheter.
Lik The Secure Developer
Daily update on current cyber security threats
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Player FM - Podcast-app
Gå frakoblet med Player FM -appen!
Gå frakoblet med Player FM -appen!
