This week, Jeffrey is joined by Troy Vinson; a Principal Software Architect at Clear Measure as a CISSP (Certified Information System Security Professional.) He is an experienced leader, architect, and problem-solver in Information Systems Security and Software Development technologies and has spent the majority of his career integrating computer science, information science, and cognitive science to assist in software development and the management of information.

 

With October being CyberSecurity Awareness Month, Troy gives a rundown on everything that developers and development teams need to know regarding security, how to become more cyber security aware, the top ten web application security risks you need to look out for, how to keep your environment secure regardless or where you’re working from, and what you can putting in place today to improve your cyber security.

 

Topics of Discussion:

[:39] About The Azure DevOps Podcast, Clear Measure; the new video podcast Architect Tips; and Jeffrey’s offer to speak at virtual user groups.

[1:11] About today’s episode with Troy Vinson!

[1:23] Jeffrey welcomes Troy to the podcast.

[1:30] What is CISSP?

[2:53] Troy shares his career highlights and the path that led him to his current role in cyber security.

[4:39] Why is October Cybersecurity Awareness Month?

[6:18] What developers should be aware of when setting up a connected environment for themselves at home.

[8:47] Troy’s favorite VPN services.

[10:08] Best practice: Always work from a VPN, especially as a developer working from a public place.

[10:25] What developers should keep in mind about source code when it comes to cyber security.

[12:32] How to keep documents (that don’t quite fit in a source control repository) secure.

[14:31] Troy highlights important security architecture models of practice.

[15:56] How is the STRIDE model applicable?

[17:59] A word from The Azure DevOps Podcast’s sponsor: Clear Measure.

[18:30] What is repudiation in the STRIDE model referring to? What is it in code changes? When is it necessary?

[20:22] Are there test suites that developers can use to augment their functional tests that check for security measures?

[23:16] Should development teams hire third parties to do audits versus doing it in-house?

[24:36] What OWASP Top Ten is and why all of your engineers should be trained on it.

[26:15] Is there a comprehensive list of web application security risks?

[27:28] Troy highlights the importance of #6 on the OWASP Top Ten list: vulnerable and outdated components.

[29:15] Rules of thumb regarding security for development teams when it comes to deployment and configuring environments

[30:56] Free online courses for cyber security awareness that you can share with family members and friends.

[33:52] Jeffrey thanks Troy Vinson for joining the podcast!

 

Mentioned in this Episode:

Architect Tips — New video podcast!

Azure DevOps

Clear Measure (Sponsor)

.NET DevOps for Azure: A Developer’s Guide to DevOps Architecture the Right Way, by Jeffrey Palermo — Available on Amazon!

bit.ly/dotnetdevopsebook — Click here to download the .NET DevOps for Azure ebook!

Jeffrey Palermo’s YouTube

Jeffrey Palermo’s Twitter — Follow to stay informed about future events!

DEVintersection Conference — Dec. 7th‒9th in Las Vegas, Nevada

Cybersecurity Awareness Month | CISA

Cybersecurity Awareness Month | National Cybersecurity Alliance (NCSA)

NordVPN

ExpressVPN

STRIDE Model

GitHub

DevSecOps

SharePoint

One Drive

Azure Front Door

Azure Application Gateway

FxCop

Roslyn

Sonarqube

OWASP Top Ten

Top 25 Most Dangerous Software Errors CWE/SANS

2021 CWE Top 25 Most Dangerous Software Weaknesses

 

Want to Learn More?

Visit AzureDevOps.Show for show notes and additional episodes.