CSCP S4EP14 - Izar Tarandach - The Future of Threat Modeling and Product Security, with Izar Tarandach

This episode features guest Izar Tarandach, a seasoned security architect with extensive experience in application security, cloud security, and the development of comprehensive security frameworks. Our discussion navigates through the latest trends in application security, the pivotal role of DevSecOps, and the strategic integration of security practices within modern business environments.

Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo.

What's Inside This Episode:

• 00:02 - Introduction to Cybersecurity and Cloud Podcast: Francesco introduces the series and outlines what listeners can expect from this enlightening episode.
• 00:53 - Greetings and New Developments in Threat Modeling: Discover the latest advancements in threat modeling and their implications for cybersecurity.
• 01:35 - Introducing Izar Tarandach: Learn about Izar's journey and his significant contributions to the field of security architecture.
• 02:09 - Recent Trends in Application Security: A detailed discussion on the transformation in application security spurred by innovations in cloud technology.
• 02:54 - Challenges Facing Today's CISOs: Insight into the pressures and challenges CISOs face with rising security stakes.
• 03:30 - Reevaluating Security Protocols: We analyze how traditional security protocols are being reshaped in today's tech landscape.
• 04:49 - The Role of DevSecOps: Understanding the integration of security into DevOps practices and its impact on software development.
• 05:47 - Concept of "Shift Everywhere": Izar critiques the broad application of the "shift everywhere" concept within security strategies.
• 06:56 - The Evolution of Security Integration: Discussion on how security is becoming embedded in all phases of product development.
• 08:13 - The Dilemma of Security Buzzwords: Evaluating how new security terminologies affect industry focus and policy development.
• 09:28 - The Realistic View of Security Practice: A candid look at the progression from idealistic to pragmatic approaches in security practices.
• 11:25 - Addressing Third-Party Risks: Examination of third-party risks and their impact on the software supply chain.
• 13:28 - Third-Party Risk Management: A Case Study: Insights from high-profile cases highlighting the importance of managing third-party vulnerabilities.
• 15:23 - Integrating Security into Business Objectives: How organizations are embedding security objectives into business strategies.
• 16:47 - Seeking Solutions in Security: A shift from seeking singular security solutions to adopting comprehensive, integrated approaches.
• 18:18 - Advocating for Risk-Based Approaches: The importance of adopting risk-based strategies over traditional security measures.
• 19:44 - Educating Developers on Security Importance: The critical role of educating developers on security as a fundamental aspect of software development.

Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo.

Don't Miss This Engaging Discussion on Cybersecurity Trends and Strategies: Tune into this enlightening episode to equip yourself with the knowledge and insights needed to navigate the ever-changing landscape of cybersecurity. Whether you're a professional in the field, a business leader, or just keen on enhancing your cybersecurity awareness, this episode is packed with valuable information to help you understand the nuances of securing applications and infrastructures in a digitally-driven world.

Izar Tarandach

• Linkedin: https://www.linkedin.com/in/izartarandach/ 
• Twitter: https://twitter.com/izar_t?lang=en-GB 
• Books: https://www.oreilly.com/pub/au/7898 
• Github: https://github.com/izar 
• Threat Modelling Con: https://www.threatmodelingconnect.com/general-discussion-32/i-m-izar-tarandach-and-if-you-have-questions-i-may-have-answers-148 
• Speaker profile: https://conferences.oreilly.com/software-architecture/sa-ny-2019/public/schedule/speaker/324717.html 

Cyber Security and Cloud Podcast hosted by Francesco Cipollone

• Twitter @FrankSEC42
• Linkedin: linkedin.com/in/fracipo 
• #CSCP #cybermentoringmonday cybercloudpodcast.com 

• Social Media Links 
  Follow us on social media to get the latest episodes:
• Website: http://www.cybercloudpodcast.com/
• Linkedin: https://www.linkedin.com/company/35703565/admin/  

• Twitter: https://twitter.com/podcast_cyber   

• Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/ 
• You can listen to this podcast on your favourite player:
• Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  

• Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ 

#Cybersecurity, #appsec #productsecurity #prodsec  #aspm