apiiro | Secure By Design | Summary and Q&A

Transcript

Read and summarize the transcript of this video on Glasp Reader (beta).

Summary

In this episode of Gray Matter, the CEO of Appearo Security, Don Plutnik, and the Chief Information Security Officer of Imperva, Samir Sharif, discuss the challenges and opportunities presented by the acceleration of digital transformation in enterprises. They talk about the shift towards developer ownership, the need for new approaches to risk and security, and how Appearo addresses these challenges.

Questions & Answers

Q: Can you introduce yourselves and talk about your backgrounds in cybersecurity?

Don Plutnik started his career in the cybersecurity unit at the IDF and founded a consulting services company focused on pen testing and risk assessment. He later founded a startup called Erato, which was acquired by Microsoft. He is now the CEO of Appearo. Samir Sharif has been in the technology and cyber business for around 22 years, mostly in Citigroup. He has experience in application security, biometrics, digital efforts, risk assessments, and policy development. He is currently the CISO of Imperva.

Q: How has the digital transformation impacted software development?

The digital transformation has led to a shift from waterfall to Agile development and increased focus on developer effectiveness and productivity. Companies are becoming software companies and software development is seen as a core competency. Development teams now have ownership across architecture, security controls, business logic, data flows, and infrastructure.

Q: What are the challenges created by the digital transformation?

The challenges include the lack of effective processes and tooling, the difficulty of prioritizing efforts in this new world, and the need to identify security and compliance issues in the code itself. Existing approaches to risk and security can become blockers and may not be effective in the new environment.

Q: How have you led efforts to address these challenges?

Samir has focused on supporting the business in its digital transformation and streamlining processes. He has worked to enable innovation while staying compliant and secure. He has also emphasized the need for a cultural shift and a rethinking of risk management. Tools like Appearo can help automate and bring visibility to the technology changes in a way that supports compliance and risk management.

Q: Why was Appearo started and how does it address these challenges?

Appearo was started to address the shift to code-centric infrastructure and the challenges it presents for application security, compliance, governance, and infrastructure. It aims to bridge the gap between different teams and provide a quantitative measurement of success criteria. Appearo automates the assurance process, reduces reliance on manual risk assessment questionnaires, and narrows down the scope of pen testing to material changes with business impact.

Q: How can startups effectively work with large enterprises and deliver innovative solutions?

Startups can benefit from engaging with large enterprise customers and listening to their insights and challenges. It is important to have someone with experience in large enterprises to provide feedback and shape the product strategy. Startups can help smaller organizations adopt similar capabilities and drive innovation in the industry.

Q: What routines have you adopted in 2020 to stay balanced and energized?

Don suggests sending wine or beer to the team and having informal virtual happy hours. He also invested time in training his team to interact with customers over video conference. Samir emphasizes the importance of physical movement and exercise, as well as spending time outdoors. The flexibility of remote work allows for a better work-life balance.