This episode features an interview with Terry O’Daniel, Acting Head of Security at Amplitude. Amplitude is a product analytics platform that helps businesses track visitors using collaborative analytics. Terry joined the company in October of 2022 as Head of GRC. Prior to Amplitude, he led Governance, Risk, and Compliance within Infrastructure Engineering at Instacart. On this episode, Terry and host Tim Chase discuss the failed promise of DevSecOps, aligning with business objectives, and how to translate security into dollars.
Key Quotes
* “I think at the end of the day, risk quantification is not very sexy. I understand. But we tie ourselves in knots in security doing this interpretive dance for the board of red, yellow, green, and ‘Here's what it means,’ and bibbety boo. And businesses don't run on interpretive dance. They run on dollars. And until we can come to the table like grownups with the rest of the grownups running our function and saying, ‘Here's the risk in dollars, here's the investment in dollars, here's the risk mitigation we're gonna realize in dollars,’ that's the key, right? We have to be able to talk the language of business to be successful and be taken seriously as business partners.”
* “There's a tax that's required in actually moving left. Shifting left involves having smaller pieces and smaller interruptions more frequently in the worst case, rather than having a single showstopping event at the end.”
* “Devs don't report to us. They have their own leaders and they have their own goals. We don't control engineering. But we can give them the context. We can help them understand the context for making better risk-aware decisions.”
* “If you're a SaaS company, your CISO has to be technical. At the core, your CISO is not only protecting your people and your work systems and your SDLC, they also are inherently predicting the risk of your product and that B2B relationship. So I think traditional industries still can get a huge degree of value out of hiring a CISO who comes from a strong risk and governance background. But if you're an engineering-first company that's building neat stuff, if your CISO doesn't have the finger on the pulse of that, I think they're inherently hampered from their ability to help the company shift left.”
Time Stamps
[1:24] The failed promise of DevSecOps
[4:15] Why is shifting left so hard?
[8:39] Why is continuous improvement a key part of DevSecOps?
[11:30] How can security goals align with business objectives?
[13:49] How important is leadership in DevOps?
[17:32] How did Terry transition from engineering into security?
[22:28] Is it more effective for a CISO to come from a GRC background or an engineering background?
[26:08] What’s been Terry’s biggest learning of his career?
[34:05] What’s one tool Terry can’t live without?
Links
Connect with Terry on LinkedIn
This podcast is brought to you by Lacework, the leading data-driven cloud-native application protection platform. Lacework is trusted by nearly 1,000 global innovators to secure the cloud from build to run. Lacework delivers true end-to-end protection, empowering customers to prioritize risks, find known and unknown threats faster, achieve continuous cloud compliance, and work smarter–not harder–all from one unified platform. Learn more at Lacework.com.