EP 39 — A Modernized and Scalable Approach to Product Security with Origami Risk’s Prajakta Badhe

In this episode of the Future of Application Security, Harshil speaks with Prajakta Badhe, Head of Product Security at Origami Risk, which provides risk software to the insurance industry. They discuss how product security is different from application security, the ways in which Prajakta evaluates a product’s risk, and why she always gives context as to why a vulnerability needs remediation. They also discuss the security culture at Origami Risk, three steps for building a robust security program, and where AI will fit into product security's future.

Topics discussed:

• The evolution of Prajakta's career, starting as a quality assurance engineer, then leading a team of pen testers at Norton, to now leading product security at Origami Risk.
• The difference between product and application, and how they are "two different pillars" of security.
• What skills, background, and knowledge Prajakta looks for when hiring for product security.
• The two things Prajakta looks at when evaluating a product's risk, and the ways in which to prioritize that risk.
• Why Prajakta creates a list of the organization's unique top ten risks and how she uses that list for training purposes. 
• How to create more meaningful training for developers. 
• Three steps for building a security program, including establishing a baseline, creating ways to scale, and modernizing as you go.
• The reasons why Origami Risk has a strong security culture, and why that's a benefit to all.
• What the future of product security holds, including the benefits and challenges of integrating AI-powered tools.