Wednesday May 31, 2023

EP 33 — Democratizing Security and Implementing Change with Twilio’s Ariel Shin

In this episode of the Future of Application Security, Harshil speaks with Ariel Shin, Senior Product Security Engineer at Twilio, a company that provides businesses the tools to connect with customers through automated messaging. Ariel shares the story of how she implemented a democratized, centralized vulnerability management program at Twilio, which included conducting interviews to gauge the current state of vulnerability management, designing a new process that got everyone on the same page, getting buy-in by going on a roadshow across the company, and how they're currently managing the program after rollout.

Topics discussed:

  • Ariel's journey through Twilo's acquisition of Segment, going from a culture of a few hundred developers to a few thousand building many different projects.
  • How Ariel designed and implemented a democratized, centralized vulnerability management process by getting buy-in from security, engineering, and leadership, and socializing the process.
  • The importance of a centralized vulnerability management process to reduce confusion and easily see all vulnerabilities in one place, and how to make risk everyone's responsibility.
  • How, in order to uncover problems to address, Ariel interviewed security team members, developers, engineers, and other stakeholders, and created a flowchart of the current state of vulnerability management.
  • The necessity of approaching security holistically, and not thinking about security just in terms of the industries or silos created in an organization.
  • Identifying the pain points of an organization's security approach, and how to use those pain points to articulate the change needed for an organization.
  • How Ariel rolled out the new vulnerability management program through a roadshow across the organization, articulating what the changes were and how they improved security to increase buy-in.
  • How Ariel and the security team created three dashboards so stakeholders could better understand their security posture: one for ticket triage, one for engineers to understand the tickets, and the third for leadership.

Comments (0)

To leave or reply to comments, please download free Podbean or

No Comments

Copyright 2022 All rights reserved.

Podcast Powered By Podbean

Version: 20241125