What Zero Trust Means for Applications

Amanda Alvarez is a DevSecOps Architect consultant at Trace3 with a passion for helping people learn more about software security. She is a highly motivated practitioner who enjoys creating developer-oriented solutions with an emphasis on building effective feedback loops that help companies balance agility with security.

Her mission is to spread awareness on scalable and sustainable software security programs so that people and their data remain protected from evolving threats. Outside of continuously learning more about cyber security, she enjoys gardening and hiking the mountains of Colorado.

Brook Schoenfield has authored six security books, taught hundreds of security architects, and thousands have attended his threat modeling training sessions. He was the technical lead for five software security programs and four consulting practices. 

Brook is currently the CTO of Resilient Software Security and True Positives’ Chief Software Security Strategist. He helps organizations and technical leaders improve their software security practices. He also teaches at the University of Montana.

I had the pleasure of hosting Amanda and Brook on this week’s episode of Champions of Security. Here’s the full episode and the key takeaways from our conversation.


Key Takeaways

#1: Never Trust and Always Verify

Gone are the days of monolithic applications with a single point of entry. Software should perform authorization checks at every interface, and authentication checks may be needed at each one too. Attackers regularly compromise software, so treat every request, including requests from other components of your own system, with skepticism.
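As an added illustration of this takeaway (example code written for this post, not something Amanda, Brook, or Bionic shipped), here is a two-hop service where the internal records service refuses to trust an identity header set by the edge gateway. Instead, the caller's signed token is forwarded across the interface and the inner hop authenticates it again and makes its own authorization decision per record. The HMAC-signed token format, the shared signing key, the `RECORDS` data and the role model are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example key. In a real deployment each hop would hold its own
# verification material (or verify a trusted issuer's signatures), never a
# string literal.
SIGNING_KEY = b"example-shared-key-do-not-use-in-production"

# Constructed sample data for the internal records service.
RECORDS = {
    "r1": {"owner": "alice", "body": "alice's notes"},
    "r2": {"owner": "bob", "body": "bob's notes"},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, roles, ttl: int = 300, now=None) -> str:
    """Mint a compact HMAC-signed token: <base64 payload>.<base64 signature>."""
    now = time.time() if now is None else now
    payload = {"sub": subject, "roles": sorted(roles), "exp": int(now + ttl)}
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token: str, now=None) -> dict:
    """Authenticate the caller: check signature before parsing, then expiry."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        given = _unb64(sig)
    except ValueError:
        raise PermissionError("malformed token")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        raise PermissionError("bad signature")
    payload = json.loads(_unb64(body))
    if payload["exp"] < now:
        raise PermissionError("token expired")
    return payload


def authorize(principal: dict, action: str, record: dict) -> bool:
    """Per-resource decision: admins may do anything, owners may read their own."""
    if "admin" in principal["roles"]:
        return True
    return action == "read" and record["owner"] == principal["sub"]


def records_service(request: dict, now=None):
    """Internal hop. Any 'x-user' header the caller set is ignored; the service
    authenticates the token and authorizes the specific record itself."""
    token = request.get("authorization")
    if not token:
        return 401, "authentication required"
    try:
        principal = verify_token(token, now=now)
    except PermissionError as err:
        return 401, str(err)
    record = RECORDS.get(request.get("record_id"))
    if record is None:
        return 404, "not found"
    if not authorize(principal, request.get("action", ""), record):
        return 403, "forbidden"
    return 200, record["body"]


def gateway(request: dict, now=None):
    """Edge hop. Authenticates, then forwards the token itself rather than a bare
    identity claim, so the next hop can verify rather than trust."""
    try:
        verify_token(request.get("authorization", ""), now=now)
    except PermissionError as err:
        return 401, str(err)
    return records_service(request, now=now)
```

The cases worth trying: a valid token for alice reading `r1` through the gateway succeeds; a request that reaches `records_service` directly with only an `x-user: alice` header is refused because the inner hop never reads that header; a valid token for bob reading alice's record fails authorization, not authentication; and a token whose payload was swapped but whose signature was not is rejected before its contents are ever parsed.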

#2: Design for Secure-by-Default

Many IoT devices are insecure by default. The consumer bears the burden of hardening them, typically by changing a well-known default password that every unit ships with. Why is anything unsafe by default in a digital world constantly under attack?

Applications must be designed to withstand cyber attacks before they ship to customers.
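To make the contrast concrete, here is an added example (written for this post, not code from any vendor or from the guests) that models the two designs side by side. The insecure device ships with a shared factory password and a reachable admin interface; the secure-by-default device generates a per-unit setup secret (assumed to be printed on the unit's label), keeps the remote admin interface closed until the owner completes setup, and never accepts the factory default as an owner password. The class names, the `VENDOR_DEFAULT` value and the length policy are assumptions for the example.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

VENDOR_DEFAULT = "admin"    # the well-known factory credential the design should eliminate
MIN_PASSWORD_LENGTH = 12    # example policy, not a recommendation from the post


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class InsecureByDefaultDevice:
    """Ships with a shared factory password and the admin interface already open.
    Every unit nobody got around to reconfiguring is reachable by anyone who
    knows the default."""

    def __init__(self):
        self.password = VENDOR_DEFAULT

    def remote_login(self, password: str) -> bool:
        return password == self.password


class SecureByDefaultDevice:
    """No remotely usable credential exists until the owner creates one."""

    def __init__(self, setup_secret: Optional[str] = None):
        self.salt = os.urandom(16)
        # Unique per unit; a fixed value is accepted here only so tests are repeatable.
        self.setup_secret: Optional[str] = setup_secret or secrets.token_urlsafe(12)
        self.password_hash: Optional[bytes] = None
        self.remote_admin_enabled = False

    def complete_setup(self, setup_secret: str, new_password: str) -> bool:
        """One-shot local setup step; only this unit's own secret unlocks it."""
        if self.remote_admin_enabled or self.setup_secret is None:
            return False    # already set up; re-running would be a takeover path
        if not hmac.compare_digest(setup_secret.encode(), self.setup_secret.encode()):
            return False
        if len(new_password) < MIN_PASSWORD_LENGTH or new_password == VENDOR_DEFAULT:
            return False
        self.password_hash = hash_password(new_password, self.salt)
        self.setup_secret = None            # cannot be replayed later
        self.remote_admin_enabled = True    # opened only now, by the owner
        return True

    def remote_login(self, password: str) -> bool:
        if not self.remote_admin_enabled or self.password_hash is None:
            return False    # closed by default, not merely "protected by admin/admin"
        return hmac.compare_digest(hash_password(password, self.salt), self.password_hash)
```

The point of the comparison is which state the device is in when the buyer does nothing: the first class is exploitable from the moment it is plugged in, while the second exposes no remote login at all until a unique, owner-chosen credential exists, and the setup secret that bootstraps it cannot be reused once consumed.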

#3: Security is a Moving Target

Attackers are improving alongside software security. New attacks are constantly developed, and organizations need to adapt accordingly.

Furthermore, software applications themselves change regularly. Implementations drift from their designs, and every code change alters the software's behavior, sometimes in ways that invalidate earlier security assumptions. Security teams must keep up with this ever-changing digital landscape.

Interested in talking security with me? Reach out to me on LinkedIn.
