The Secure Developer

The Secure Developer

www.heavybit.com/library/podcasts/the-secure-developer
A podcast about security for developers, covering tools and best practices.


#42, News Media Security with Kate Whalen of The Guardian
Nov 28 • 23 min
In episode 42 of The Secure Developer, Guy speaks with Kate Whalen, a security engineer at The Guardian, to discuss news media security and advocating security across many teams within a large organization.
#41, Optimizing Team Communication with Sara Dunnack of InVision
Nov 14 • 20 min
In episode 41 of The Secure Developer, Guy talks with Sara Dunnack, a security engineer at InVision. They discuss methods for improving communication between DevSecOps, AppSec, and Engineering teams within an organization.
#40, Large-Scale Digital Transformation with Brian Sodano of Liberty Mutual
Oct 31 • 32 min
In episode 40 of The Secure Developer, Guy speaks with Brian Sodano, Director of Engineering at Liberty Mutual Insurance. They unpack what happens to security when a company goes through a large-scale digital transformation, and ruminate on the future of…
#39, Build, Break, and Defend with Mohan Yelnadu of Prudential
Oct 17
In episode 39 of The Secure Developer, Guy is joined by Mohan Yelnadu, Head of AppSec at Prudential. They discuss Mohan’s journey from pen tester to DevSecOps consultant, security threat modeling, and his 6 principles of continuous security.
#38, You Own It, You Secure It with Andy Ellis of Akamai
Oct 3 • 40 min
In episode 38 of The Secure Developer, Guy speaks with Andy Ellis, CSO of Akamai. They discuss streamlining customer assurance, the role of an incidents coordinator, and the value of transparency between a security company and their associates.
#37, Security Transformation with James Kaplan of McKinsey & Company
Sep 19 • 38 min
In episode 37 of The Secure Developer, Guy speaks with James Kaplan of McKinsey & Co. James describes his journey into the telecommunications industry, and how many longstanding companies must reevaluate security practices when going through a digital…
#36, Holistic Security with Peter Oehlert of Smartsheet
Sep 5 • 40 min
In episode 36 of The Secure Developer, Guy is joined by Peter Oehlert of Smartsheet. They discuss holistic security approaches, understanding various categories of risk, and how the different teams in a large organization can work together to improve…
#35, Secure Coding in C/C++ with Robert C. Seacord of NCC Group
Jul 25 • 28 min
In episode 35 of The Secure Developer, Guy is joined by Robert C. Seacord of NCC Group, who champions the continued practice of coding security in C and C++, and offers practical advantages to using various programming languages in the Agile era.
#34, Positive Security with Siren Hofvander of Cybercom
Jul 11 • 35 min
In episode 34 of The Secure Developer, Guy speaks with Siren Hofvander of Cybercom about her enlightening journey from the digital medical space to running a secure developer consulting team, as well as her empathy-driven ethos in the one-size-fits-all…
#33, Engineering Teams with Leif Dreizler and Eric Ellett of Segment
Jun 28 • 35 min
In episode 33 of The Secure Developer, Guy is joined by Leif Dreizler and Eric Ellett of Segment. They discuss motivating security teams, the importance of investing time in your business relationships, and the longterm rewards of proper security training.
#32, Security and Compliance with Duncan Godfrey of Auth0
Jun 13 • 33 min
In episode 32 of The Secure Developer, Duncan Godfrey from Auth0 speaks with Guy about his journey into security. Duncan also shares great insights into staying secure and compliant in a fast moving environment.
#31, Evangelizing Security with Tanya Janca of Microsoft
May 30 • 46 min
In episode 31 of The Secure Developer, Guy is joined by Tanya Janca, Cloud Advocate at Microsoft. Tanya shares insights, from her early days leading software teams for the Canadian government, to evangelizing software security at Microsoft.
#30, Improving Security Culture with Justin Somaini
May 16 • 36 min
In episode 30 of The Secure Developer, Guy speaks with Justin Somaini, a security industry leader and Founder of Somaini LLC. They discuss how security theory has changed over the past 25 years, and how AppSec can be improved by educating the developer…
#29, The State of Open Source & Docker Security
May 2 • 27 min
In episode 29 of The Secure Developer, Guy sits down with Liran Tal, Developer Advocate at Snyk, to discuss the state of open source, Docker security, and developer infrastructure.
#28, Developer Empathy with Jason Chan of Netflix
Apr 18 • 36 min
In episode 28 of The Secure Developer, Guy is joined by Jason Chan of Netflix to discuss simplifying the security process for software developers, as well as some of the open source projects Netflix has shared with the community.
#27, Open Source Security with Jeff McAffer of Microsoft
Apr 4 • 31 min
In episode 27 of The Secure Developer, Guy is joined by Jeff McAffer, director of Microsoft’s Open Source Programs Office, who shares his insights on how to keep open source projects sustainable and secure for the whole community.
#26, Security Education with Jim Manico
Mar 21 • 39 min
In episode 26 of The Secure Developer, Guy is joined by Jim Manico, founder of Manicode Security, to discuss insights from his long career as a security educator, and to explore the importance of developer training in AppSec.
#25, Golden Images with Simon Bennett of Bitnami
Mar 14 • 41 min
In episode 25 of The Secure Developer, Guy meets with Simon Bennett, VP Product at Bitnami, to discuss golden images, image layering, and how Bitnami helps accelerate application delivery across multiple clouds.
#24, Application Security with Omer Levi Hevroni
Jan 24 • 38 min
In episode 24 of The Secure Developer, Guy is joined by Omer Levi Hevroni, DevSecOps Engineer at Soluto, to discuss application security, OWASP, security ‘mavens,’ and more.
#23, Automation with One Medical’s Zach Powers
Nov 20, 2018 • 36 min
In episode 23 of The Secure Developer, Guy speaks with Zach Powers, CISO of One Medical, to discuss the evolution of security at One Medical, what he looks for when hiring for his team, and why automation is a must.
#22, Authentication with Yubico’s Stina Ehrensvärd
Nov 1, 2018 • 29 min
In episode 22 of The Secure Developer, Guy meets with Stina Ehrensvärd, founder and CEO of Yubico, to explore how hardware solutions like YubiKey can be an effective approach to authentication and security.
#21, Managing Security with Cybersecurity Leader and DevSecOps Practitioner Julie Tsai
Oct 16, 2018 • 27 min
In episode 21 of The Secure Developer, Guy meets with Julie Tsai, Cybersecurity Leader and DevSecOps Practitioner Julie Tsai, to discuss ways to manage secure systems and bridge the gap between security and DevOps.
#20, Using ThreadFix with Dan Cornell of Denim Group
Sep 20, 2018 • 36 min
In episode 20 of The Secure Developer, Guy speaks to Dan Cornell, CTO of Denim Group, the developer security firm behind ThreadFix, a vulnerability resolution platform.
#19, Measuring Security with Allison Miller
Aug 28, 2018 • 35 min
In episode 19 of The Secure Developer, Guy meets with Allison Miller to discuss the ways technology and security have intersected throughout her career.
#18, Collaborative Security with HackerOne’s Marten Mickos
Jun 21, 2018 • 38 min
In episode 18 of The Secure Developer, Guy meets with Marten Mickos, CEO of HackerOne, a platform for vulnerability coordination and a bug bounty program that helps developers test and build more secure systems.
#17, Security Research with The Morning Paper’s Adrian Colyer
Jun 6, 2018 • 50 min
In episode 17 of The Secure Developer, Guy meets up with Adrian Colyer, Venture Partner at Accel and author of The Morning Paper, a daily recap of academic articles in computer science. The pair investigates how researchers are discovering new…
#16, Security Training with Elevate’s Masha Sedova
May 15, 2018 • 36 min
In episode 16 of The Secure Developer, Guy is joined by Masha Sedova, co-founder of Elevate Security, to discuss how training for employees (even developers) can help companies stay one step ahead of the pack when it comes to preventing a breach.
#15, Enterprise Security with RedMonk’s James Governor
May 1, 2018 • 36 min
In episode 15 of The Secure Developer, Guy is joined by James Governor, Analyst and Co-founder of RedMonk, a developer-focused industry analyst firm. The pair discusses multiple ways that companies can be incentivized, and how they can incentivize others,…
#14, How Slack Stays Secure During Hyper Growth
Jan 18, 2018 • 39 min
In the latest episode of The Secure Developer, Guy is joined by Geoff Belknap, Chief Security Officer at Slack. Geoff discusses what drew him into security and reveals why it’s critical for security teams to be recognized as a full-fledged member of…
#13, How New Relic Does Security
Oct 3, 2017 • 33 min
In the latest episode of The Secure Developer, Guy is joined by Shaun Gordon, Chief Security Officer at New Relic. Shaun tells us how he got into a career in security and explains how the role of security has evolved at New Relic.
#12, Keeping Cloud Foundry Secure
Sep 19, 2017 • 31 min
In the latest episode of The Secure Developer, Guy is joined by Molly Crowther from Pivotal. Molly discusses her role in managing security at Cloud Foundry, an open source cloud platform on which developers can build, deploy and run applications.
#11, Keeping PagerDuty Secure
Jun 14, 2017 • 40 min
In the latest episode of The Secure Developer, Guy is joined by Arup Chakrabarti, Kevin Babcock and Rich Adams from PagerDuty. They discuss how they put into practice their security vision of “making it easy to do the right thing”.
#10, Dynamic Authorization: The Evolution of Access Controls
Apr 28, 2017 • 26 min
In the latest episode of The Secure Developer, Guy is joined by Aren Sandersen. They examine the current state of access control systems and discuss the need for better education and tooling to support time-bound dynamic access control.
#9, Making Security More Inclusive
Mar 20, 2017 • 30 min
In the latest episode of The Secure Developer, Francois Raynaud joins Guy to discuss the current state of IT security, and steps to improve it at your startup.
#8, What’s In A Security Policy?
Feb 16, 2017 • 32 min
In this episode of The Secure Developer, Geva Solomonovich, COO at Snyk and founder of Snowy Peak Security joins Guy to discuss security policies, and why you shouldn’t wait to implement your own.
#7, Understanding Container Security
Jan 30, 2017 • 29 min
In this episode of The Secure Developer, Ben Bernstein from Twistlock joins Guy to discuss container security. Are you currently using containers, or thinking about moving to containers in your stack? You won’t want to miss this episode.
#6, Developer War Games: Capture The Flag!
Jan 10, 2017 • 22 min
In episode #6 of The Secure Developer, Guy is joined by his Snyk.io co-founder Danny Grander for an in depth discussion on CTF (Capture The Flag) competitions in the security world. Learn about the differences between jeopardy style and attack-defense…
#5, Continuous Security at Chef
Nov 15, 2016 • 42 min
In the fifth installment of The Secure Developer, Guy talks with Chef CTO Adam Jacob about the role security can play in DevOps and continuous integration/deployment. They cover the differences between baked-in and bolted on security and how automation…
#4, Getting Down To The Metal
Nov 5, 2016 • 47 min
In episode #4 of The Secure Developer, Guy is joined by Eric Lawrence of the Google Chrome security team. Eric and Guy begin with a discussion on what it takes to be a great security engineer - namely curiosity and a willingness to learn. Later they…
#3, Security From The Start
Oct 26, 2016 • 34 min
In episode 3 of The Secure Developer, Guy is joined by Sabin Thomas, VP of Engineering at Codiscope, where he creates tools that help developers build and deploy secure code faster. The two discuss the difficulties presented by the accelerating release of…
#2, Making Security A Requirement
Oct 10, 2016 • 27 min
In this episode of The Secure Developer, Guy hosts RisingStack Founder and CEO Gergely Nemeth. The pair discuss the difficulties of selling security as a requirement, some of the most common attack vectors used on today’s web, and finally about the work…
#1, Prioritizing Secure Development
Sep 22, 2016 • 28 min
In our first episode, Guy is joined by Kyle Randolph, Principal Security Engineer at Optimizely. Kyle and Guy discuss the sometimes difficult but always important task of prioritizing security in your engineering organization. Kyle shares stories from his…