• CSCP S4EP16 - Irene Michlin - Threat Modelling in the age of AI

  • 2024/05/26
  • 再生時間: 38 分
  • ポッドキャスト

CSCP S4EP16 - Irene Michlin - Threat Modelling in the age of AI

  • サマリー

  • Listen in as we navigate the crucial role of threat modeling in the landscape of application security with our esteemed guest, Irene Michlin, the application security lead at Neo4j. Together, we peel back the layers of integrating a developer's insight into the security process and how it fortifies the software development lifecycle. Irene's journey from coding to consulting paints a vivid picture of the security challenges and triumphs faced in today's agile environments. Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo. We also dissect the often misunderstood concept of security theater and the varying impact of regulatory demands across businesses of different scales, all while highlighting the need for a risk-based approach to vulnerability management. During our conversation, we touch upon the symbiotic relationship between threat modeling and agile development, sharing anecdotes that demystify the practice and affirm its teachable nature. With Irene's rich background, we discuss how embedding security prompts into daily engineering tasks can make threat modeling more actionable, seamlessly blending it with development workflows. Our chat is a testament to the evolution of generational AI, where its jack-of-all-trades persona is on the cusp of becoming a specialized force with proper data training—showcasing the multifaceted potential of AI in cybersecurity and beyond. Wrapping up the episode, we share our admiration for an innovative Neo4j blog post that elegantly combines general AI with knowledge graphs, a read we highly recommend to those intrigued by the intersection of technology and security. The discussion reaffirms the importance of balancing agility with thoroughness in threat modeling to ensure robust cybersecurity postures. As we conclude, we remind our listeners of the power of staying informed and proactive in the digital age, inviting them to engage with our community through our social media giveaway and to stay tuned for more insights on navigating the ever-evolving world of cybersecurity. What's Inside This Episode: 00:01 - Introduction: Francesco Cipollone introduces the podcast and guest, Irene Michlin, application security lead at Neo4j.00:22 - Sponsorship Mention: Acknowledgment of Phoenix Security's sponsorship.00:25 - Episode Topic Introduction: Francesco and Irene dive into the importance of threat modeling in application security.01:07 - Guest Introduction: Irene Michlin shares her journey from software development to application security leadership.02:59 - Impact of Developer Background on Security: Discussion on how Irene's developer experience enhances her approach to security.03:54 - Challenges in Security Implementation: Insights into the real-world challenges of integrating security into agile development projects.05:42 - State of the Industry: Irene's perspective on the current state and future of application security.07:40 - Security Theater and Compliance: Addressing the pitfalls of security theater and the role of regulatory demands.09:40 - Reachability Analysis Debate: Pros and cons of reachability analysis in application security.11:44 - Generative AI in Security: Exploring the potential and challenges of AI in enhancing application security practices.13:53 - AI-based Threat Modeling: How AI can be leveraged for effective threat modeling while reducing errors.15:36 - Practical Application of Threat Modeling: Making threat modeling actionable through daily engineering tasks.20:20 - Security Prompts: Introduction of security prompts to integrate threat modeling into development workflows.23:15 - Comprehensive vs. Incremental Threat Modeling: Balancing detailed and incremental approaches for robust security.29:01 - PR Change and Code Scanning: Importance of both PR change scans and full scans in maintaining security.32:34 - Integrating Vulnerability Management and Threat Modeling: Bridging the gap between these two critical aspects of application security.36:00 - Closing Message: Encouragement for security professionals to stay positive and seek mentorship.37:31 - Resources and Contacts: How to connect with Irene and access additional resources. Connect with Irene Michlin Connect with Irene Michlin: LinkedIn | Twitter (Legacy: X)Neo4j Blog: Explore insights on using AI and knowledge graphs for security.Threat Modeling Manifesto: Discover principles and practices in threat modeling. Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42Linkedin: linkedin.com/in/fracipo #CSCP #cybermentoringmonday cybercloudpodcast.com Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/Linkedin: https://www.linkedin.com/...
    続きを読む 一部表示

あらすじ・解説

Listen in as we navigate the crucial role of threat modeling in the landscape of application security with our esteemed guest, Irene Michlin, the application security lead at Neo4j. Together, we peel back the layers of integrating a developer's insight into the security process and how it fortifies the software development lifecycle. Irene's journey from coding to consulting paints a vivid picture of the security challenges and triumphs faced in today's agile environments. Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo. We also dissect the often misunderstood concept of security theater and the varying impact of regulatory demands across businesses of different scales, all while highlighting the need for a risk-based approach to vulnerability management. During our conversation, we touch upon the symbiotic relationship between threat modeling and agile development, sharing anecdotes that demystify the practice and affirm its teachable nature. With Irene's rich background, we discuss how embedding security prompts into daily engineering tasks can make threat modeling more actionable, seamlessly blending it with development workflows. Our chat is a testament to the evolution of generational AI, where its jack-of-all-trades persona is on the cusp of becoming a specialized force with proper data training—showcasing the multifaceted potential of AI in cybersecurity and beyond. Wrapping up the episode, we share our admiration for an innovative Neo4j blog post that elegantly combines general AI with knowledge graphs, a read we highly recommend to those intrigued by the intersection of technology and security. The discussion reaffirms the importance of balancing agility with thoroughness in threat modeling to ensure robust cybersecurity postures. As we conclude, we remind our listeners of the power of staying informed and proactive in the digital age, inviting them to engage with our community through our social media giveaway and to stay tuned for more insights on navigating the ever-evolving world of cybersecurity. What's Inside This Episode: 00:01 - Introduction: Francesco Cipollone introduces the podcast and guest, Irene Michlin, application security lead at Neo4j.00:22 - Sponsorship Mention: Acknowledgment of Phoenix Security's sponsorship.00:25 - Episode Topic Introduction: Francesco and Irene dive into the importance of threat modeling in application security.01:07 - Guest Introduction: Irene Michlin shares her journey from software development to application security leadership.02:59 - Impact of Developer Background on Security: Discussion on how Irene's developer experience enhances her approach to security.03:54 - Challenges in Security Implementation: Insights into the real-world challenges of integrating security into agile development projects.05:42 - State of the Industry: Irene's perspective on the current state and future of application security.07:40 - Security Theater and Compliance: Addressing the pitfalls of security theater and the role of regulatory demands.09:40 - Reachability Analysis Debate: Pros and cons of reachability analysis in application security.11:44 - Generative AI in Security: Exploring the potential and challenges of AI in enhancing application security practices.13:53 - AI-based Threat Modeling: How AI can be leveraged for effective threat modeling while reducing errors.15:36 - Practical Application of Threat Modeling: Making threat modeling actionable through daily engineering tasks.20:20 - Security Prompts: Introduction of security prompts to integrate threat modeling into development workflows.23:15 - Comprehensive vs. Incremental Threat Modeling: Balancing detailed and incremental approaches for robust security.29:01 - PR Change and Code Scanning: Importance of both PR change scans and full scans in maintaining security.32:34 - Integrating Vulnerability Management and Threat Modeling: Bridging the gap between these two critical aspects of application security.36:00 - Closing Message: Encouragement for security professionals to stay positive and seek mentorship.37:31 - Resources and Contacts: How to connect with Irene and access additional resources. Connect with Irene Michlin Connect with Irene Michlin: LinkedIn | Twitter (Legacy: X)Neo4j Blog: Explore insights on using AI and knowledge graphs for security.Threat Modeling Manifesto: Discover principles and practices in threat modeling. Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42Linkedin: linkedin.com/in/fracipo #CSCP #cybermentoringmonday cybercloudpodcast.com Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/Linkedin: https://www.linkedin.com/...

CSCP S4EP16 - Irene Michlin - Threat Modelling in the age of AIに寄せられたリスナーの声

カスタマーレビュー:以下のタブを選択することで、他のサイトのレビューをご覧になれます。