EP 38 — Avalara’s Anthony Ungerman on the Imperative for Security-Minded Organizations

In this episode of the Future of Application Security, Harshil speaks with Anthony Ungerman, VP Product Security at Avalara, a tax software company. They discuss what product security encompasses beyond application security, how the security team at Avalara works with engineers, and how they articulate business value to increase security implementation. They also discuss security automation, approaches for security training, and what's in store for the future of product security.

Topics discussed:

• The evolution of Anthony's career as a "lifelong computer junkie," including how he was introduced to security, and how he learned security by practicing on his kids' web traffic. 
• How Anthony defines product security, why it's broader than application security, and what it encompasses.
• How Avalara's security team works with the engineering team, and how they leverage security champions to implement security initiatives.
• How security-mindedness is expanding, from the boardroom to customers, prompted by data privacy regulation like EU GDPR and the edicts from the White House.
• How to get more security buy-in by being able to explain how initiatives tie back to business objectives.
• A summary of articles Anthony wrote about how to automate application security programs.
• What types of training they're offering to ramp engineers up on security best practices — and what consequences are in place if they don't complete training.
• How the future of product security will be shaped by privacy regulations, generative learning, and all-encompassing dashboards.