In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Matt Johansen. Matt is a security veteran who has helped defend startups, the biggest financial companies in the world, and everything in between. Alongside his day job as Head of Software Security at Reddit, he teaches companies how to protect against cyber attacks, and coaches entrepreneurs and CISOs who need help with infrastructure, application, cloud, and security policies. He also writes Vulnerable U, a weekly newsletter about embracing the power of vulnerability for growth.
Thomas and Matt discuss:
- Moving from a large security team at Bank of America to a small one at Reddit
- Embracing scrappiness and doing more with less
- Overcoming sunk-cost fallacy
- Why the 2014 Sony hack was a pivotal time for AppSec
- Running the threat research centre at White Hat
- What he looks for when hiring in AppSec, the SOC and beyond
- His decision to start creating content about mental health in security
- Moving past imposter syndrome
- Renouncing superhero culture
- Paved paths and guardrails, and what comes next after "shift left"
- Lessons learned from Reddit's 2023 security incident
- The power of automating incident response
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security
Where to find Matt Johansen:
Vulnerable U newsletter: https://vulnu.mattjay.com/
Twitter: https://twitter.com/mattjay
LinkedIn: https://www.linkedin.com/in/matthewjohansen/
TikTok: https://www.tiktok.com/@vulnerable_matt
Reddit: https://www.redditinc.com/
mattjay.com: https://www.mattjay.com
Where to find Thomas Kinsella:
Twitter/X: https://twitter.com/thomasksec
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Tines: https://www.tines.com/
Resources mentioned:
The Tech Professional's Guide to Mindfulness by Matt Johansen: https://www.mattjay.com/blog/the-tech-professionals-guide-to-mindfulness
Matt's piece on developer experience in the Vulnerable U newsletter: https://vulnu.mattjay.com/p/vulnu-003-courage-quit
Reddit's post on a February 2023 incident: https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
Collaborative Incident Response Best Practices: Don't Rely on Superheroes by Matt Johansen: https://www.mattjay.com/blog/superhero-incident-response
Threat modeling depression by Matt Johansen: https://www.mattjay.com/blog/threat-model-depression
In this episode:
[02:14] Going from long-time Reddit user to employee
[04:50] Running AppSec at Reddit
[07:30] Being the internet's punching bag and boxing gloves
[10:30] Building a team from scratch at White H