In this episode of the Future of Application Security, Harshil speaks with Jacob Salassi, Director, Product Security at Snowflake, a cloud computing and data management company. They discuss how Snowflake approaches product security — from what they expect engineers and developers to do, to their risk-based reporting — and why Jacob takes a scientific approach to it. They also discuss how Jacob's team creates property graphs to better understand risk flows and what to prioritize, automated threat detection, how they're writing more intelligent detections at scale, and the challenges of big data to product security.
Topics discussed:
- How Snowflake approaches product security, including:
- How they build autonomy for engineers through repeatable processes
- How they optimize for business value and not just security outcomes, and
- Why they take a quantitative risk-based reporting approach
- Why Jacob takes a "science, not art" approach to product security, and why he defines product security as anything related to the security posture of the service.
- The ways in which data- at- scale and disparate data sources prove to be a challenge for threat detection, and why security teams can benefit from pulling together those sources so they can uniformly analyze data across systems.
- How Jacob's team created and scaled a repeatable and structured method to risk assess every new feature that's being shipped.
- How this method of risk assessment and scoring helps uncover dynamics in their environment, gives developers better prioritization of their work, and enables automated threat detection.
- Challenges to the observability problem of who can own and access data, how many people are ingesting APIs, how much it's costing, and other access concerns.
- The ways in which they're communicating KPIs and risk posture through live dashboards, and how they're thinking about powering quantitative risk analysis and forecasting through those dashboards.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Are You A Charlotte?
In 1997, actress Kristin Davis’ life was forever changed when she took on the role of Charlotte York in Sex and the City. As we watched Carrie, Samantha, Miranda and Charlotte navigate relationships in NYC, the show helped push once unacceptable conversation topics out of the shadows and altered the narrative around women and sex. We all saw ourselves in them as they searched for fulfillment in life, sex and friendships. Now, Kristin Davis wants to connect with you, the fans, and share untold stories and all the behind the scenes. Together, with Kristin and special guests, what will begin with Sex and the City will evolve into talks about themes that are still so relevant today. "Are you a Charlotte?" is much more than just rewatching this beloved show, it brings the past and the present together as we talk with heart, humor and of course some optimism.