Where Security Fits into DevOps with Andrés Mayhew

This blog isn’t about a specific security topic or feature of our product. Rather, it’s about the broader security community. This week, we are launching a podcast, “Champions of Security,” as a way to better serve this community.

Why Champions of Security?

Over the last year, I’ve heard countless compelling stories from security-minded humans that I’ve encountered during events, meetings, POCs, research interviews, and regular conversations. There’s always something to learn or take away from these conversations. 

My initial instinct was “This is great, all these people are fighting to make the digital world safer.” But the more I thought about it, the more I realized that something was missing. All the value packed into these stories wasn’t getting to the people that needed it. Working for a security vendor, I was able to summarize some highlights or share isolated data points, but for the most part, these stories were getting lost. 

I wanted a way to immortalize the experiences of others and help the community learn about security from those who’ve lived it. With this goal in mind, I decided to create a podcast. Today, with the help of my colleagues, we’re stoked to finally launch Champions of Security. 

I’m grateful for the stories that each guest has shared with me. Most importantly, I’m delighted to be able to pass these stories on to you, our audience. It’s my goal to connect with every security-minded individual with a story to tell, regardless of whether their job title includes “security.”

So, without further ado, I present to you: Episode 1. 

Episode 1: Where Security Fits into DevOps with Andrés Mayhew

Our premiere episode features Andrés, who has a wealth of experience across development, security, and operations. He has worked for companies like Verisign, Rivian, Veritas, and even Napster. He’s now a Senior Manager of SRE for Apixio.

Andrés chats with me about a “self-inflicted denial-of-service” that he worked through earlier in his career. If you’re interested in hearing about a specific incident that shut down the internet for ~24 hours, you should have a listen. Despite happening over a decade ago, the lessons learned from that event resonate just as well today.

Another topic that came up was the developer’s mindset and the need to reframe (or even unlearn) some of what we’ve been taught: to program this specific feature or that specific function. Instead, build with full system awareness. To be more precise, you can build the best widget possible, but if it doesn’t work in the application or system that you’re building it for, it’s useless. As Andrés points out, scalability, security, and resilience are all essential values that developers have to infuse into their code.

There are so many more great moments in this episode – from compliance checkbox shelfware to security’s role in developer enablement to proving the value of security solutions to non-security folks.

Check out the full episode below.

 

You can find all available Champions of Security episodes here

On behalf of Andrés, I invite you to check out the Electronic Frontier Foundation, a nonprofit dedicated to defending digital privacy, free speech, and innovation. 

3 Key Takeaways

  1. A production-first mindset can help developers develop scalable and secure product features.
  2. Security, stability, and reliability should be product features.
  3. Be careful of compliance checkboxes and shelfware; your security tools should add real value to the organization.
