Application Security Fundamentals w/ Peter Chestna

Peter Chestna is CISO of North America at Checkmarx. He is also a Board Member for the DevSecCon Global Community and MergeBase.

Rafal Los joins Matt Rose on episode 17 of Tattoos, Code, and Data Flows in a conversation around improving the cybersecurity industry (including some very spicy takes on the industry).

Peter is a proven engineering and security leader with deep technical experience. He is an outspoken expert on DevOps/DevSecOps and has 16 years of experience in the application security industry.

He is effective in building, leading, and developing high-velocity Agile and DevOps teams with security as a first-class citizen. He also speaks internationally at both security and developer conferences.

They explore:

  • Defining DevOps and Agile, and how security should be involved in all processes
  • CI/CD automation vs CI/CD functionality/capability
  • Application Security fundamentals and hygiene
  • Challenges and intentions of being a CISO

Tune in to the full episode to learn how to build application security fundamentals into your security and development programs.


Top 3 Takeaways

Takeaway #1: Application Security Fundamentals and Hygiene

Sometimes you have to just stick to the basics. With all of the new tooling and technologies out there, it is important to ensure that your internal application security program is set up to improve the overall security of the business.

As Peter describes it, security can sometimes be more of a landfill than a work queue.

No single tool can fix all of your problems, but if you work on ensuring that your security program has strong fundamentals and maintains good hygiene, those two things can work together seamlessly (sort of).

Takeaway #2: CI/CD Automation, Functionality, and Capability

DevOps ≠ automation.

Yes, it is important for organizations to improve and accelerate their development processes so that they can gain a competitive advantage. However, companies that give their engineers and developers time to improve their skills are going to be better off than those that bury them in data.

Takeaway #3: Challenges and Intentions of Being a CISO

A great CISO thinks about risk in the context of the business. You have to be looking at the entire picture in order to build a good internal security program.

Security should be a business enabler, not the be-all and end-all. At the core of it, the CISO should be the security SME who helps the business decide what level of risk it is comfortable with while continuing to allow the business to grow.
