Content provided by VMware. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by VMware or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://cloudutil.player.fm/legal.

People love us!

User reviews

"Love the offline function"
"This is "the" way to handle your podcast subscriptions. It's also a great way to discover new podcasts."

Whose Responsibility is Secure Software? with Steve Lipner, Executive Director of Safe Code, and Karen Worstell, VMWare Cyber Strategist

30:55
 
Share
 

Manage episode 356681116 series 2623537
Content provided by VMware. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by VMware or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://cloudutil.player.fm/legal.

In this episode, we speak with Steve Lipner, Executive Director of Safe Code, and Karen Worstell, VMWare Cyber Strategist. They discuss the new scale of DevSecOps, secure code, and safely adopting new technologies.

Karen describes how modern operating environments differ from older ones, and the concerns involved with quickening development cycles. Steve explains the work of his nonprofit, Safe Code, and the importance of integrating security with a development cycle. They also discuss the future of cloud infrastructure and get into the benefits and possible pitfalls of Chat GPT.

---------

Key Quotes:

Karen

"What’s really really different? The type of code we're writing has changed. The operating environment that we're pushing it into has changed. And the time cycle has really changed. It's a concern, to be honest. It's a benefit, but it's also something that worries people."

Karen

“The cycle has revved up tremendously and it's changed the way we work. So DevSecOps basically means that you've got this development cycle and then you've got the operations of it on an ongoing basis.”

Steve

"The role of the security team is to help organize, train, and equip so that the developers have the right processes, the right training. They know what a security bug looks like and why you don't want to have one. And the right equipment, the right tools to tell them when they need to do something differently and what to do about it."

Steve

"If you want a thousand person security team, then the way to do that is to do all the audits and all the testing, and all the security reviews and all the compliance after the fact. If you want secure software out there this afternoon, the responsibility for building secure software has to be with the developers. The role of the security team is to help organize, train, and equip so that the developers have the right processes, the right training."

Karen:

“I think the truth of it is that in the technology world, where we're surrounded by new technology, and we're used to that cycle of new technology evolution and adopting it like early adopters, we can get out over the skis when it comes to the rest of the world…Technical debt is our biggest risk, my opinion.”

---------

Time stamps:

(02:45) What DevSecOps means

(04:40) Leveraging DevSecOps as a leader

(08:20) The development cycle’s acceleration

(10:05) Safe Code’s mission

(10:55) Old dev cycles vs. new ones

(12:05) Building a secure development model

(14:50) Difficulties behind a security push

(17:40) Recognizing the importance of security pushes

(19:55) Exploring the move to cloud

(21:00) How the modern world adopts new technology

(24:00) The risks of AI acceleration

(30:05) Where to connect with Karen and Steve

---------

Links:

Steve’s LinkedIn: https://www.linkedin.com/in/steve-lipner/

Steve’s website: https://www.stevelipner.org/

Steve on Twitter: https://twitter.com/lipner?lang=en

Karen’s LinkedIn: https://www.linkedin.com/in/karenworstell/

CIO Exchange on Twitter: https://twitter.com/vmwcioexchange
Yadin Porter de León on Twitter: https://twitter.com/porterdeleon
[Subscribe to the Podcast]
On Apple Podcast: https://podcasts.apple.com/us/podcast/cio-exchange-podcast/id1498290907
For more podcasts, video and in-depth research go to https://www.vmware.com/cio

---------

Keywords:

cio, cio exchange, VMware, innovation, leadership, IT, information technology, technology, cto, cloud, multi-cloud, security, devops, devsecops, artificial intelligence, machine learning, AI, Chat GPT, development cycles, technology leadership, AI security

  continue reading

63 episodes

iconShare
 
Manage episode 356681116 series 2623537
Content provided by VMware. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by VMware or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://cloudutil.player.fm/legal.

In this episode, we speak with Steve Lipner, Executive Director of Safe Code, and Karen Worstell, VMWare Cyber Strategist. They discuss the new scale of DevSecOps, secure code, and safely adopting new technologies.

Karen describes how modern operating environments differ from older ones, and the concerns involved with quickening development cycles. Steve explains the work of his nonprofit, Safe Code, and the importance of integrating security with a development cycle. They also discuss the future of cloud infrastructure and get into the benefits and possible pitfalls of Chat GPT.

---------

Key Quotes:

Karen

"What’s really really different? The type of code we're writing has changed. The operating environment that we're pushing it into has changed. And the time cycle has really changed. It's a concern, to be honest. It's a benefit, but it's also something that worries people."

Karen

“The cycle has revved up tremendously and it's changed the way we work. So DevSecOps basically means that you've got this development cycle and then you've got the operations of it on an ongoing basis.”

Steve

"The role of the security team is to help organize, train, and equip so that the developers have the right processes, the right training. They know what a security bug looks like and why you don't want to have one. And the right equipment, the right tools to tell them when they need to do something differently and what to do about it."

Steve

"If you want a thousand person security team, then the way to do that is to do all the audits and all the testing, and all the security reviews and all the compliance after the fact. If you want secure software out there this afternoon, the responsibility for building secure software has to be with the developers. The role of the security team is to help organize, train, and equip so that the developers have the right processes, the right training."

Karen:

“I think the truth of it is that in the technology world, where we're surrounded by new technology, and we're used to that cycle of new technology evolution and adopting it like early adopters, we can get out over the skis when it comes to the rest of the world…Technical debt is our biggest risk, my opinion.”

---------

Time stamps:

(02:45) What DevSecOps means

(04:40) Leveraging DevSecOps as a leader

(08:20) The development cycle’s acceleration

(10:05) Safe Code’s mission

(10:55) Old dev cycles vs. new ones

(12:05) Building a secure development model

(14:50) Difficulties behind a security push

(17:40) Recognizing the importance of security pushes

(19:55) Exploring the move to cloud

(21:00) How the modern world adopts new technology

(24:00) The risks of AI acceleration

(30:05) Where to connect with Karen and Steve

---------

Links:

Steve’s LinkedIn: https://www.linkedin.com/in/steve-lipner/

Steve’s website: https://www.stevelipner.org/

Steve on Twitter: https://twitter.com/lipner?lang=en

Karen’s LinkedIn: https://www.linkedin.com/in/karenworstell/

CIO Exchange on Twitter: https://twitter.com/vmwcioexchange
Yadin Porter de León on Twitter: https://twitter.com/porterdeleon
[Subscribe to the Podcast]
On Apple Podcast: https://podcasts.apple.com/us/podcast/cio-exchange-podcast/id1498290907
For more podcasts, video and in-depth research go to https://www.vmware.com/cio

---------

Keywords:

cio, cio exchange, VMware, innovation, leadership, IT, information technology, technology, cto, cloud, multi-cloud, security, devops, devsecops, artificial intelligence, machine learning, AI, Chat GPT, development cycles, technology leadership, AI security

  continue reading

63 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Player FM - Podcast App
Go offline with the Player FM app!

Quick Reference Guide