In this Brand Story episode, hosts Marco and Sean have a thought-provoking discussion with Peter Klimek from Imperva about the concept of "shift left" in application security. Have we gone too far?

The conversation revolves around the challenges and benefits of identifying vulnerabilities earlier in the software development lifecycle and the need for collaboration between development and security teams. Peter emphasizes the importance of finding a balance between tools and human expertise in addressing vulnerabilities. He highlights the common issue of organizations having a backlog of vulnerabilities that need to be fixed, rather than a problem of finding vulnerabilities—it's "easy" to find them, harder to fix them all.

The conversation also touches on the measurement of closure velocity and the significance of development team velocity as a core metric in application security. They discuss the role of APIs, platform engineering, and infrastructure as code in improving collaboration, automation, and trust in systems.

Peter draws a parallel between guardrails on a highway and the need for guardrails in application security, emphasizing the importance of providing development teams with time to address critical vulnerabilities. They also explore the challenges of coordinating multiple teams and the role of operations in orchestrating the development and security processes.

The need for a defensive mindset and the importance of leveraging the guardrails Peter noted to prevent fatal vulnerabilities is also discussed as they emphasize the significance of collaboration, measurement, and a balance between development and security teams in implementing shift left practices effectively.

The episode provides valuable insights into the nuances, challenges, and benefits of integrating shift left practices into application security, while emphasizing the need for collaboration, balance, and the ethical use of tools.

Note: This story contains promotional content. Learn more.

Guest: Peter Klimek, Director of Technology - Office of the CTO at Imperva [@Imperva]

On LinkedIn | https://www.linkedin.com/in/peter-klimek-37588962/

Resources

Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

DevOps Research and Assessment (DORA): https://dora.dev

2023 Imperva Bad Bot Report: https://itspm.ag/impervv0sg

47.4% of internet traffic wasn’t human in 2022! Get the research from @Imperva to learn how bots are taking over the internet.

The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security:

• Part 1: https://redefining-cybersecurity.simplecast.com/episodes/the-impact-of-log4j-since-its-disclosure-steps-businesses-can-take-to-maintain-software-supply-chain-security-part-1-of-2-an-imperva-story-with-gabi-stapel
• Part 2: https://redefining-cybersecurity.simplecast.com/episodes/why-protecting-your-business-data-is-more-like-securing-a-museum-than-a-bank-demystifying-data-protection-an-imperva-story-with-terry-ray-07mq5xex-q5rc-fw8

From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | An Imperva Brand Story With Ryan Windham:

• Part 1: https://redefining-cybersecurity.simplecast.com/episodes/from-enrolling-in-college-to-gambling-traveling-and-shopping-evasive-bad-bots-are-a-major-source-of-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windham
• Part 2: https://redefining-cybersecurity.simplecast.com/episodes/from-enrolling-in-college-to-gambling-traveling-and-shopping-evasive-bad-bots-are-a-major-source-of-online-fraud-the-bad-bot-report-2022-part-2-an-imperva-story-with-ryan-windham

Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.