Sign up to save your podcasts
Or
Share Automating Developer Security and Compliance
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Automating Developer Security and Compliance
Matt Spitz (@mattspitz, Head of Engineering at @TrustVanta) talks about the challenges of developer security and compliance.
SHOW: 753
CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw
NEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"
SHOW SPONSORS:
- Find "Breaking Analysis Podcast with Dave Vellante" on Apple, Google and Spotify
- Keep up to data with Enterprise Tech with theCUBE
- Reduce the complexities of protecting your workloads and applications in a multi-cloud environment. Panoptica provides comprehensive cloud workload protection integrated with API security to protect the entire application lifecycle. Learn more about Panoptica at panoptica.app
SHOW NOTES:
- Vanta (homepage)
Topic 1 - Welcome to the show. Tell us a little bit about your background. What made you join Vanta and did your experience at Dropbox factor into this decision?
Topic 2 - Our topic today is developer security and compliance. Let’s start by helping our listeners understand the problem. We hear all the time about developers wanting to go fast. Things like security and compliance can be an afterthought. Do you agree and is this the root of the problem or is it something else?
Topic 3 - Most organizations, especially smaller orgs or startups just getting going, they just want to get to MVP, what advice to you have for them in building security and compliance into their CI/CD pipelines so this becomes more programmatic?
Topic 4 - Security is certainly one angle, but probably just as important, if not more so is compliance. To make it slightly more difficult, compliance can mean many different things based on geography (SOC in US for instance). How do organizations staff for this and keep up with regulation changes? Or, maybe on the flip side, is this a common area where they are understaffed and need outside assistance?
Topic 5 - In security and compliance worlds there is often the concept of identification and discovery as one part, but remediation as the second part. Where and how does Vanta work with organizations to solve for both vectors?
Topic 6 - Automation, especially into CI/CD pipelines seems like a no-brainer here, but I would also add is this an area where AI/ML will come into play in the future?
Topic 7 - If folks want to dig in and learn more, how do you suggest they get started?
FEEDBACK?
- Email: show at the cloudcast dot net
- Twitter: @thecloudcastnet
View all episodes
By Massive Studios
4.6
147147 ratings
Matt Spitz (@mattspitz, Head of Engineering at @TrustVanta) talks about the challenges of developer security and compliance.
SHOW: 753
CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw
NEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"
SHOW SPONSORS:
- Find "Breaking Analysis Podcast with Dave Vellante" on Apple, Google and Spotify
- Keep up to data with Enterprise Tech with theCUBE
- Reduce the complexities of protecting your workloads and applications in a multi-cloud environment. Panoptica provides comprehensive cloud workload protection integrated with API security to protect the entire application lifecycle. Learn more about Panoptica at panoptica.app
SHOW NOTES:
- Vanta (homepage)
Topic 1 - Welcome to the show. Tell us a little bit about your background. What made you join Vanta and did your experience at Dropbox factor into this decision?
Topic 2 - Our topic today is developer security and compliance. Let’s start by helping our listeners understand the problem. We hear all the time about developers wanting to go fast. Things like security and compliance can be an afterthought. Do you agree and is this the root of the problem or is it something else?
Topic 3 - Most organizations, especially smaller orgs or startups just getting going, they just want to get to MVP, what advice to you have for them in building security and compliance into their CI/CD pipelines so this becomes more programmatic?
Topic 4 - Security is certainly one angle, but probably just as important, if not more so is compliance. To make it slightly more difficult, compliance can mean many different things based on geography (SOC in US for instance). How do organizations staff for this and keep up with regulation changes? Or, maybe on the flip side, is this a common area where they are understaffed and need outside assistance?
Topic 5 - In security and compliance worlds there is often the concept of identification and discovery as one part, but remediation as the second part. Where and how does Vanta work with organizations to solve for both vectors?
Topic 6 - Automation, especially into CI/CD pipelines seems like a no-brainer here, but I would also add is this an area where AI/ML will come into play in the future?
Topic 7 - If folks want to dig in and learn more, how do you suggest they get started?
FEEDBACK?
- Email: show at the cloudcast dot net
- Twitter: @thecloudcastnet
More shows like The Cloudcast
View all
Hanselminutes with Scott Hanselman
377 Listeners
Software Engineering Radio - the podcast for professional software developers
272 Listeners
The Changelog: Software Development, Open Source
282 Listeners
a16z Podcast
1,011 Listeners
Thoughtworks Technology Podcast
42 Listeners
Talk Python To Me
590 Listeners
Software Engineering Daily
626 Listeners
AWS Podcast
203 Listeners
Gartner ThinkCast
110 Listeners
DataFramed
265 Listeners
Kubernetes Podcast from Google
181 Listeners
Practical AI
189 Listeners
The Stack Overflow Podcast
64 Listeners
The Real Python Podcast
140 Listeners
The Pragmatic Engineer
52 Listeners