What We Discuss with Travis McPeak:
- 00:00 Podcast Intro
- 03:23 Travis Professional Background
- 04:24 What is an Application Security Program
- 04:40 What is Cloud Security Program
- 05:02 What is in a Traditional Application Security Program
- 05:47 What is a Paved Road?
- 06:10 Guardrails on a Paved Road
- 07:10 What is a Cloud First Company?
- 07:47 What is an AppSec Program in a Cloud First Company like Netflix?
- 09:23 What does Security do when devs do security?
- 10:20 Security challenges in a Micro services world?
- 11:05 Example of Security Function for writing good quality code?
- 13:36 Is CloudSec & AppSec converging into one?
- 14:36 Starting a Cloud Security Program?
- 17:47 Maturity Scale from Startup to large cloud foot print company
- 18:57 Example of Security Function for IaC?
- 20:28 Components of Cloud Security Program
- 23:16 Self Service applications from Security is the Future?
- 24:38 Building a Dev First Culture for Self Service – S3 Bucket
- 25:16 Building a Dev First Culture for Self Service – IAM
- 26:37 How does new Cloud Service approval work in modern security teams?
- 27:32 Using Sandbox accounts
- 28:06 Handling Exceptions for Approving Cloud Security Services
- 29:35 Handling Exceptions for request to Prod data from Developers
- 32:00 Compliance in Cloud for a modern security team
- 34:02 Has your thinking of Cloud Security Programs evolved as cloud breaches have changed?
- 35:47 What kind of team is required for Cloud Security Program
- 37:25 Role of Red Team in Modern Cloud Security Teams
- 39:00 Where can people learn about building Cloud Security Programs for Modern Security Stack
- 42:17 Building Cloud Security Programs required Open Source Tools?
- 40:20 Fun Section.
THANKS, Travis McPeak!
If you enjoyed this session with Travis McPeak, let him know by clicking on the link below and sending him a quick shout out at Twitter:
Click here to thank Travis McPeak at Twitter!
Click here to let Ashish know about your number one takeaway from this episode!
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at firstname.lastname@example.org.