What We Discuss with Travis McPeak:
- 00:00 Podcast Intro
- 03:23 Travis's Professional Background
- 04:24 What is an Application Security Program
- 04:40 What is Cloud Security Program
- 05:02 What is in a Traditional Application Security Program
- 05:47 What is a Paved Road?
- 06:10 Guardrails on a Paved Road
- 07:10 What is a Cloud First Company?
- 07:47 What is an AppSec Program in a Cloud First Company like Netflix?
- 09:23 What does Security do when devs do security?
- 10:20 Security challenges in a Microservices world?
- 11:05 Example of Security Function for writing good quality code?
- 13:36 Is CloudSec & AppSec converging into one?
- 14:36 Starting a Cloud Security Program?
- 17:47 Maturity Scale from Startup to large cloud footprint company
- 18:57 Example of Security Function for IaC?
- 20:28 Components of Cloud Security Program
- 23:16 Self Service applications from Security is the Future?
- 24:38 Building a Dev First Culture for Self Service – S3 Bucket
- 25:16 Building a Dev First Culture for Self Service – IAM
- 26:37 How does new Cloud Service approval work in modern security teams?
- 27:32 Using Sandbox accounts
- 28:06 Handling Exceptions for Approving Cloud Security Services
- 29:35 Handling Exceptions for requests to Prod data from Developers
- 32:00 Compliance in Cloud for a modern security team
- 34:02 Has your thinking of Cloud Security Programs evolved as cloud breaches have changed?
- 35:47 What kind of team is required for Cloud Security Program
- 37:25 Role of Red Team in Modern Cloud Security Teams
- 39:00 Where can people learn about building Cloud Security Programs for Modern Security Stack
- 42:17 Building Cloud Security Programs requires Open Source Tools?
- 40:20 Fun Section.
THANKS, Travis McPeak!
If you enjoyed this session with Travis McPeak, let him know by clicking on the link below and sending him a quick shout-out on Twitter:
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at email@example.com.