TechSpective Podcast Episode 092
CISOs are tasked with a balancing act that is often difficult to achieve: delivering quality apps quickly without sacrificing security. Traditionally, organizations tend to lean toward the speed-to-market side of that equation at the expense of security, but the attack surface and threat landscape continue to expand and organizations are more aware of the security risks they face. They are also aware of the business and financial consequences of failing at cybersecurity.
Bill Mann, CEO of Styra, joins me on this episode of the TechSpective Podcast to talk about this challenge. Mann stresses that one of the keys to managing the balance is automation and DevSecOps. The cycle of continuous integration and continuous deployment provides a quick feedback loop and offers developers the opportunity to quickly address issues and resolve any identified security concerns in days or even hours rather than weeks or months.
We also chat about Styra’s open source project, Open Policy Agent, and security concerns around open-source applications and code. The theory suggests that open-source code is more secure because anyone can view it, so it has more eyeballs scrutinizing it, but that assumes that there are people identifying and resolving issues even though nobody is technically “responsible” for doing so.
Check out the full episode for more about some of the issues and challenges organizations face, and how automating policy management and enforcement, along with other automation and DevSecOps practices, can help organizations get apps to market quickly while ensuring they’re secure at the same time.
The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer.
Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.
If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.