Will AI replace the role of product security? How do you start an application security program and write a book about it? One of the best Application Security mind Derek Fisher is with us today.

 

Join us on a captivating journey as Derek, a mastermind in product security and a prolific author, shares his expertise on setting up a fortified application security program. We start by unraveling the critical first steps, emphasizing the value of understanding your organization's current cybersecurity landscape and the unique risks it faces. Listen in as we discuss the significance of collaboration between security and engineering teams to pinpoint vulnerabilities and fortify our digital defenses.

The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.

In our thought-provoking conversation, we tackle the concept of product ownership and the dynamic nature of risk assessment. Derek enlightens us on the challenges of aligning business acumen with technological realities in the context of application security. We also engage in a spirited debate about the various forms of code analysis and the significance of exploitability in the management of risk. It's a discussion that balances the technical intricacies with strategic insights, essential for anyone invested in securing their products. Shifting gears, we explore the innovative realm of 'shifting smart' in application security, moving beyond the traditional 'shift left' paradigm. Discover the benefits and limitations of integrating security tools early in the development cycle and the vital role dynamic environments play in unearthing actionable vulnerabilities. Wrapping up, we delve into the exciting and complex intersection of AI and cybersecurity, pondering the dual-edged sword of advanced technologies like generative AI. Derek offers a nuanced perspective on the future of secure coding and vulnerability management, a must-listen for anyone navigating the evolving cybersecurity landscape.  

Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.

• 00:02: Introduction to Cybersecurity and Cloud Podcast
• 00:55: The Essence of Application Security Programs
• 02:19: Journey to Authoring on Application Security
• 02:38: Building a Robust Application Security Program
• 03:36: Application Security: A Collaborative Effort
• 04:22: Assessment and Direction in Application Security Programs
• 06:52: The Role of Software Bill of Materials (SBOM) in Cybersecurity
• 09:32: Defining a Product in the Context of Application Security
• 13:23: Enhancing Software Security Supply Chain Visibility
• 15:35: Understanding Product Risks and Vulnerability Management
• 18:31: Evolving Application Security Techniques: SAST, DAST, RASP
• 27:32: AI's Role in Application Security and Beyond
• 25:07: Encouraging Secure Online Practices Among Young Users
• 30:33: The Future of AI in Cybersecurity
• 32:33: Closing Thoughts and Positive Outlook for Cybersecurity Professionals

 

Derek Fisher

• Linkedin: https://www.linkedin.com/in/derek-fisher-sec-arch/ 
• Application Security Program Handbook: A Guide for Software Engineers and Team Leadershttps://www.amaz