Ditching the SDLC w/ Raj Umadas

I had the pleasure of chatting with Rajendra (Raj) Umadas, Head of Information Security at Actblue. He has helped build security programs at some truly cutting-edge organizations, including Etsy, Spotify, WeWork, and Compass.

Raj is not just a security expert, but also a true leader. Our conversation weaves together his reflections on security and leadership. Check out the full episode here.

3 Key Takeaways

Key Takeaway #1: Take Care of Yourself

More specifically, security professionals should take care of themselves. The work they do is incredibly important, and it can be difficult to say “no.” Raj emphasizes that it’s not so much about learning to say no as about being prepared to say “no” when the moment comes.

Key Takeaway #2: Adjust Your Risk Tolerance to Increase Productivity

One tool at your disposal is the ability to shift where risk is allowed. For example, Raj discusses the robustness of APIs across a user’s journey. Anything reachable before authentication can be exercised by anyone, so it must be secure, and it’s vital to dedicate resources to that area.

If you offer a B2B service, once a user is identified, it may make sense to accept more risk because the communication is between trusted parties. By dropping mandatory code reviews for post-authentication API changes (and perhaps adding a regularly scheduled penetration test in their place), you can free up time for your staff.

Key Takeaway #3: The Traditional SDLC is Dead

Okay, maybe it’s not “dead,” but it has changed. Raj suggests that the software development life cycle is not as cut-and-dried as it once was, because there’s no longer a clear start or end.

As such, security teams should be figuring out where they can accept risk based on how their specific organization ideates, designs, develops, tests, deploys, and maintains software.

Understanding where it’s most efficient and effective to inject security into development will help security teams better serve development teams and better protect software.

I hope you enjoy this episode as much as I did. Thank you, Raj, for being an incredible guest.

Want more Champions of Security? All episodes are available here.
