Matt Spitz (@mattspitz, Head of Engineering at @TrustVanta) talks about the challenges of developer security and compliance.
SHOW: 753
CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw
NEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"
SHOW SPONSORS:
SHOW NOTES:
Topic 1 - Welcome to the show. Tell us a little bit about your background. What made you join Vanta and did your experience at Dropbox factor into this decision?
Topic 2 - Our topic today is developer security and compliance. Let’s start by helping our listeners understand the problem. We hear all the time about developers wanting to go fast. Things like security and compliance can be an afterthought. Do you agree and is this the root of the problem or is it something else?
Topic 3 - Most organizations, especially smaller orgs or startups just getting going, they just want to get to MVP, what advice to you have for them in building security and compliance into their CI/CD pipelines so this becomes more programmatic?
Topic 4 - Security is certainly one angle, but probably just as important, if not more so is compliance. To make it slightly more difficult, compliance can mean many different things based on geography (SOC in US for instance). How do organizations staff for this and keep up with regulation changes? Or, maybe on the flip side, is this a common area where they are understaffed and need outside assistance?
Topic 5 - In security and compliance worlds there is often the concept of identification and discovery as one part, but remediation as the second part. Where and how does Vanta work with organizations to solve for both vectors?
Topic 6 - Automation, especially into CI/CD pipelines seems like a no-brainer here, but I would also add is this an area where AI/ML will come into play in the future?
Topic 7 - If folks want to dig in and learn more, how do you suggest they get started?
FEEDBACK?