EP 26 — Derek Fisher: How Envestnet Scales Product Security

In this episode of the Future of Application Security, Harshil speaks with Derek Fisher, the Head of Product Security at Envestnet, a publicly traded financial technology company that connects people's daily financial decisions with their long-term financial goals. Derek is a highly accomplished professional with an exceptional track record in engineering and information security. With his experience as an award-winning author, speaker, leader, and university instructor, Derek provides valuable insights into the world of application security and risk management.

Key topics discussed:

• The step-by-step approach to build a mature application security program.
• Utilizing tools like dynamic scanners and software composition for vulnerability management.
• Collaboration with product and engineering teams to stay informed about upcoming changes.
• Importance of early involvement in the development lifecycle to enhance security.
• The role of enterprise architecture teams in the application security process.
• Challenges in tracking and responding to development team activities in agile environments.

Resources mentioned:

• Derek's book, "The Application Security Program Handbook"
• Derek's children's book, "Alicia Connected"