Sveriges mest populära poddar

The Cloudcast

Automating Developer Security and Compliance

34 min • 13 september 2023

Matt Spitz (@mattspitz, Head of Engineering at @TrustVanta) talks about the challenges of developer security and compliance. 

SHOW: 753

CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw

NEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"

SHOW SPONSORS:

  • Find "Breaking Analysis Podcast with Dave Vellante" on Apple, Google and Spotify
  • Keep up to data with Enterprise Tech with theCUBE
  • Reduce the complexities of protecting your workloads and applications in a multi-cloud environment. Panoptica provides comprehensive cloud workload protection integrated with API security to protect the entire application lifecycle.  Learn more about Panoptica at panoptica.app

SHOW NOTES:

Topic 1 - Welcome to the show. Tell us a little bit about your background. What made you join Vanta and did your experience at Dropbox factor into this decision?

Topic 2 - Our topic today is developer security and compliance. Let’s start by helping our listeners understand the problem. We hear all the time about developers wanting to go fast. Things like security and compliance can be an afterthought. Do you agree and is this the root of the problem or is it something else?

Topic 3 - Most organizations, especially smaller orgs or startups just getting going, they just want to get to MVP, what advice to you have for them in building security and compliance into their CI/CD pipelines so this becomes more programmatic?

Topic 4 - Security is certainly one angle, but probably just as important, if not more so is compliance. To make it slightly more difficult, compliance can mean many different things based on geography (SOC in US for instance). How do organizations staff for this and keep up with regulation changes? Or, maybe on the flip side, is this a common area where they are understaffed and need outside assistance?

Topic 5 - In security and compliance worlds there is often the concept of identification and discovery as one part, but remediation as the second part. Where and how does Vanta work with organizations to solve for both vectors?

Topic 6 - Automation, especially into CI/CD pipelines seems like a no-brainer here, but I would also add is this an area where AI/ML will come into play in the future?

Topic 7 - If folks want to dig in and learn more, how do you suggest they get started?

FEEDBACK?

Förekommer på
00:00 -00:00