Security often feels like a roadblock to developers, but what if it could be seamlessly integrated into the development process? As software delivery becomes increasingly automated and self-service, the traditional approach to security needs a major overhaul.

Danny Allan, CTO at Snyk, shares practical insights on transforming security from a bottleneck into an enabler of developer productivity. Drawing from his extensive experience at IBM, VMware, and Veeam, Allan discusses how security teams can shift left effectively without creating friction.

Key topics covered:

• Building successful security champions programs that cultivate curiosity rather than relying solely on senior developers
• Practical approaches to embedding security controls into development pipelines, from IDE integration to PR checks
• Strategies for measuring security team success beyond just vulnerability counts
• The role of pre-hardened containers and infrastructure-as-code scanning in platform security
• How AI is transforming both code generation and security tooling, including Snyk's approach to vulnerability detection

Guest: Danny Allan , Chief Technology Officer at Snyk

As CTO, Danny leads end-to-end ownership of Snyk’s current core offerings and roadmap, as well as the company’s near-term platform vision. Before joining Snyk, he was CTO at Veeam and Desktone (acquired by VMWare) and Director of Security Research at IBM. In his free time, he loves scuba diving, cycling, and hockey (like a true Canadian!)

Snyk, website 

Snyk, X 

Snyk, YouTube

Snyk, Github

Snyk, Discord

The Secure Developer Podcast by Snyk

Links to interesting things from this episode:

• DistroList
• Chainguard
• Verizon Data Breach Investigation Report
• Hack This Site
• Model Context Protocol