• CSCP S4EP14 - Izar Tarandach - The Future of Threat Modeling and Product Security, with Izar Tarandach

  • 2024/04/21
  • 再生時間: 39 分
  • ポッドキャスト

CSCP S4EP14 - Izar Tarandach - The Future of Threat Modeling and Product Security, with Izar Tarandach

  • サマリー

  • This episode features guest Izar Tarandach, a seasoned security architect with extensive experience in application security, cloud security, and the development of comprehensive security frameworks. Our discussion navigates through the latest trends in application security, the pivotal role of DevSecOps, and the strategic integration of security practices within modern business environments. Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo. As our conversation progresses, we turn our focus to the critical issue of third-party risk in software development. Aizhar and I examine how high-profile cases have shone a light on the vulnerabilities in the software supply chain and the urgent need for developers to embrace secure coding practices. We discuss the shift toward a security-centric development culture and the importance of establishing business-driven security objectives and realistic service level agreements. Tune in to hear our insights on how the industry is moving beyond the quest for a silver bullet in security tools to a more robust approach that ingrains security into the core responsibilities of developers. In our final chapter, Aizhar and I tackle the delicate balance between ethics, regulation, and business imperatives in cybersecurity. We delve into how regulations can drive security priorities, the risk of a false sense of security, and the vital role of threat modeling in the software development lifecycle. Our discussion highlights the need for a holistic approach that merges the foresight provided by threat modeling with adherence to regulations, fostering a security-conscious culture across all industries. Don't miss this engaging episode where we dissect the evolution of threat modeling and its integral role in protecting our digital world. What's Inside This Episode: 00:02 - Introduction to Cybersecurity and Cloud Podcast: Francesco introduces the series and outlines what listeners can expect from this enlightening episode.00:53 - Greetings and New Developments in Threat Modeling: Discover the latest advancements in threat modeling and their implications for cybersecurity.01:35 - Introducing Izar Tarandach: Learn about Izar's journey and his significant contributions to the field of security architecture.02:09 - Recent Trends in Application Security: A detailed discussion on the transformation in application security spurred by innovations in cloud technology.02:54 - Challenges Facing Today's CISOs: Insight into the pressures and challenges CISOs face with rising security stakes.03:30 - Reevaluating Security Protocols: We analyze how traditional security protocols are being reshaped in today's tech landscape.04:49 - The Role of DevSecOps: Understanding the integration of security into DevOps practices and its impact on software development.05:47 - Concept of "Shift Everywhere": Izar critiques the broad application of the "shift everywhere" concept within security strategies.06:56 - The Evolution of Security Integration: Discussion on how security is becoming embedded in all phases of product development.08:13 - The Dilemma of Security Buzzwords: Evaluating how new security terminologies affect industry focus and policy development.09:28 - The Realistic View of Security Practice: A candid look at the progression from idealistic to pragmatic approaches in security practices.11:25 - Addressing Third-Party Risks: Examination of third-party risks and their impact on the software supply chain.13:28 - Third-Party Risk Management: A Case Study: Insights from high-profile cases highlighting the importance of managing third-party vulnerabilities.15:23 - Integrating Security into Business Objectives: How organizations are embedding security objectives into business strategies.16:47 - Seeking Solutions in Security: A shift from seeking singular security solutions to adopting comprehensive, integrated approaches.18:18 - Advocating for Risk-Based Approaches: The importance of adopting risk-based strategies over traditional security measures.19:44 - Educating Developers on Security Importance: The critical role of educating developers on security as a fundamental aspect of software development. Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo. Don't Miss This Engaging Discussion on Cybersecurity Trends and Strategies: Tune into this enlightening episode to equip yourself with the knowledge and insights needed to navigate the ever-changing ...
    続きを読む 一部表示

あらすじ・解説

This episode features guest Izar Tarandach, a seasoned security architect with extensive experience in application security, cloud security, and the development of comprehensive security frameworks. Our discussion navigates through the latest trends in application security, the pivotal role of DevSecOps, and the strategic integration of security practices within modern business environments. Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo. As our conversation progresses, we turn our focus to the critical issue of third-party risk in software development. Aizhar and I examine how high-profile cases have shone a light on the vulnerabilities in the software supply chain and the urgent need for developers to embrace secure coding practices. We discuss the shift toward a security-centric development culture and the importance of establishing business-driven security objectives and realistic service level agreements. Tune in to hear our insights on how the industry is moving beyond the quest for a silver bullet in security tools to a more robust approach that ingrains security into the core responsibilities of developers. In our final chapter, Aizhar and I tackle the delicate balance between ethics, regulation, and business imperatives in cybersecurity. We delve into how regulations can drive security priorities, the risk of a false sense of security, and the vital role of threat modeling in the software development lifecycle. Our discussion highlights the need for a holistic approach that merges the foresight provided by threat modeling with adherence to regulations, fostering a security-conscious culture across all industries. Don't miss this engaging episode where we dissect the evolution of threat modeling and its integral role in protecting our digital world. What's Inside This Episode: 00:02 - Introduction to Cybersecurity and Cloud Podcast: Francesco introduces the series and outlines what listeners can expect from this enlightening episode.00:53 - Greetings and New Developments in Threat Modeling: Discover the latest advancements in threat modeling and their implications for cybersecurity.01:35 - Introducing Izar Tarandach: Learn about Izar's journey and his significant contributions to the field of security architecture.02:09 - Recent Trends in Application Security: A detailed discussion on the transformation in application security spurred by innovations in cloud technology.02:54 - Challenges Facing Today's CISOs: Insight into the pressures and challenges CISOs face with rising security stakes.03:30 - Reevaluating Security Protocols: We analyze how traditional security protocols are being reshaped in today's tech landscape.04:49 - The Role of DevSecOps: Understanding the integration of security into DevOps practices and its impact on software development.05:47 - Concept of "Shift Everywhere": Izar critiques the broad application of the "shift everywhere" concept within security strategies.06:56 - The Evolution of Security Integration: Discussion on how security is becoming embedded in all phases of product development.08:13 - The Dilemma of Security Buzzwords: Evaluating how new security terminologies affect industry focus and policy development.09:28 - The Realistic View of Security Practice: A candid look at the progression from idealistic to pragmatic approaches in security practices.11:25 - Addressing Third-Party Risks: Examination of third-party risks and their impact on the software supply chain.13:28 - Third-Party Risk Management: A Case Study: Insights from high-profile cases highlighting the importance of managing third-party vulnerabilities.15:23 - Integrating Security into Business Objectives: How organizations are embedding security objectives into business strategies.16:47 - Seeking Solutions in Security: A shift from seeking singular security solutions to adopting comprehensive, integrated approaches.18:18 - Advocating for Risk-Based Approaches: The importance of adopting risk-based strategies over traditional security measures.19:44 - Educating Developers on Security Importance: The critical role of educating developers on security as a fundamental aspect of software development. Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo. Don't Miss This Engaging Discussion on Cybersecurity Trends and Strategies: Tune into this enlightening episode to equip yourself with the knowledge and insights needed to navigate the ever-changing ...

CSCP S4EP14 - Izar Tarandach - The Future of Threat Modeling and Product Security, with Izar Tarandachに寄せられたリスナーの声

カスタマーレビュー:以下のタブを選択することで、他のサイトのレビューをご覧になれます。