EP 50 — DryRun Security’s James Wickett on Aligning Incentives and Speaking the Same Language with Developers and Security

In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with James Wickett, co-founder and CEO of DryRun Security, a company that provides security products for developers. They discuss the misaligned incentives between developers and security and how teams can learn how to speak the same language to increase value. They also talk about how the SLIDE Model helps with context analysis, why you should focus less on control and more on context and composition in your security, and how organizations can close their knowledge gaps.

Topics discussed:

• Some of the frictions between security and developers, including how incentives are often misaligned and how each team has a different focus.
• How to talk the same language so that security and developers can build relationships that bring value to their organizations.
• What the SLIDE Model is and how it can help you better understand the context of your security actions and your priorities.
• How organizations can fill in their knowledge gaps and why it's key to return to first principles in a world of automation and tooling.
• How security impacts an organization through control, composition, and context, and why organizations should lessen their dependence on control.
• How security is like barbeque, and why Oklahoma is a great analogy for a DevSec model.