Tuesday May 31, 2022
EP6 - Allan Swanepoel: How Automation Can Help Developers Think of Security as an Actuator
This modern SDLC has really exacerbated the fractured relationship between developers and security. Often security is frustrated that developers cannot deliver on their laundry list of asks, and in turn, developers are sick of the legacy application security ways that slow down progress.
To scale at the speed of DevOps, organizations have to eliminate this friction and improve the relationship between developers and security.
Our guest today is Allan Swanepoel and during this episode, he’ll teach us exactly how we can do that by bringing the power of automation to your application security program. Allan has a deep understanding of both sides of this issue — for many years he was on the development side before moving over to security after observing the lack of automation that existed in security workflows and processes.
Topics discussed in this episode:
- Why organizations need to embrace a policy-driven prioritization approach to managing security.
- Why eliminating the friction between developers and security begins with culture.
- How security teams can get developers to adopt and use security tools.
- Why organizations hiring security engineers only to have them handling things like Jira tickets is a tremendous waste of talent and resources.
- How to build an automation mindset within your security team.
- How security teams can balance automating key workflows with the normal day to day fires.
- Security lessons from Allan’s time focused on infrastructure-as-code and infrastructure automation.
Additional resources:
Lessons from integrating third party library scanning in DevOps workflow - AppSecUSA 2018 (Keynote that Harshil referenced in the episode).
Comments (0)
To leave or reply to comments, please download free Podbean or
No Comments
To leave or reply to comments,
please download free Podbean App.