Sign up to save your podcasts
Or
Share Prioritizing Secure Development With Kyle Randolph
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Prioritizing Secure Development With Kyle Randolph
Episode Summary
In our first episode, Guy is joined by Kyle Randolph, Principal Security Engineer at Optimizely. Kyle and Guy discuss the sometimes challenging but always important task of prioritizing security in your engineering organization. Kyle shares stories from his time at Optimizely, Adobe, and Twitter.
Show Notes
In this insightful episode, we welcome Kyle Randolph, an experienced security professional from Optimizely, to share his wealth of knowledge on establishing an effective application security (AppSec) system. With an impressive background in security at companies like Citrix, Adobe, and Twitter, Kyle holds a deep understanding of building security from scratch and safeguarding existing systems. The conversation draws attention to the importance of fostering a security-based culture within engineering teams, enabling engineers to take ownership of security concerns, and promoting security practices through relevant, real-life stories.
Kyle's approach goes beyond merely fixing security bugs; it's about 'baking in' security from the outset. Coupling security considerations with product development, Kyle highlights the role of automation, mentioning tools like Spinnaker and AWS that help incorporate security measures seamlessly into product development. He vividly illustrates the success of these methods through examples at Optimizely, where they have managed to eliminate vulnerabilities like cross-site scripting in their tech infrastructure.
The discussion also broaches the challenges associated with prioritizing security tasks, especially during resource constraints. For such scenarios, Kyle emphasizes maintaining a transparent system that records all security issues so that they're addressed comprehensively. Listeners will find this episode particularly valuable as it delves into both the successful strategies and the challenges associated with integrating security into the architectural fabric of product development.
Links
- Building Security In Maturity Model (BSIMM)
- OWASP (Open Web Application Security Project)
- Amazon Web Services (AWS)
- Cloud Formation (AWS service)
- Spinnaker (Open-source, multi-cloud continuous delivery platform)
- Snyk (Open-source security platform)
Follow Us
- Our Website
- Our LinkedIn
View all episodes
By Snyk
4.7
2121 ratings
Episode Summary
In our first episode, Guy is joined by Kyle Randolph, Principal Security Engineer at Optimizely. Kyle and Guy discuss the sometimes challenging but always important task of prioritizing security in your engineering organization. Kyle shares stories from his time at Optimizely, Adobe, and Twitter.
Show Notes
In this insightful episode, we welcome Kyle Randolph, an experienced security professional from Optimizely, to share his wealth of knowledge on establishing an effective application security (AppSec) system. With an impressive background in security at companies like Citrix, Adobe, and Twitter, Kyle holds a deep understanding of building security from scratch and safeguarding existing systems. The conversation draws attention to the importance of fostering a security-based culture within engineering teams, enabling engineers to take ownership of security concerns, and promoting security practices through relevant, real-life stories.
Kyle's approach goes beyond merely fixing security bugs; it's about 'baking in' security from the outset. Coupling security considerations with product development, Kyle highlights the role of automation, mentioning tools like Spinnaker and AWS that help incorporate security measures seamlessly into product development. He vividly illustrates the success of these methods through examples at Optimizely, where they have managed to eliminate vulnerabilities like cross-site scripting in their tech infrastructure.
The discussion also broaches the challenges associated with prioritizing security tasks, especially during resource constraints. For such scenarios, Kyle emphasizes maintaining a transparent system that records all security issues so that they're addressed comprehensively. Listeners will find this episode particularly valuable as it delves into both the successful strategies and the challenges associated with integrating security into the architectural fabric of product development.
Links
- Building Security In Maturity Model (BSIMM)
- OWASP (Open Web Application Security Project)
- Amazon Web Services (AWS)
- Cloud Formation (AWS service)
- Spinnaker (Open-source, multi-cloud continuous delivery platform)
- Snyk (Open-source security platform)
Follow Us
- Our Website
- Our LinkedIn
More shows like The Secure Developer
View all
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
373 Listeners
Software Engineering Daily
625 Listeners
Risky Business
374 Listeners
The Cloudcast
152 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
653 Listeners
CyberWire Daily
1,022 Listeners
Thoughtworks Technology Podcast
43 Listeners
The Application Security Podcast
36 Listeners
Y Combinator Startup Podcast
226 Listeners
Tech Brew Ride Home
961 Listeners
Defense in Depth
74 Listeners
The Stack Overflow Podcast
63 Listeners
All-In with Chamath, Jason, Sacks & Friedberg
9,927 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
610 Listeners
BG2Pod with Brad Gerstner and Bill Gurley
467 Listeners