Software at Scale 24 - Devdatta Akhawe: Head of Security, Figma


Manage episode 295225186 series 2899471
By Utsav Shah. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Devdatta Akhawe is the Head of Security at Figma. Previously, he was Director of Security Engineering at Dropbox, where he led multiple teams on product security and abuse prevention.

Apple Podcasts | Spotify | Google Podcasts

In this episode, we discuss security for startups, as well as dive deep into some interesting new developments in the security realm like WebAuthn and BeyondCorp. We wrap things up with slightly philosophical points on the relationship between security and regulation.


0:00 - What got Dev interested in computer security?

4:00 - Security for a startup. What framework should a CTO use to think about security as their startup gets its first customer?

7:30 - Trends in the security space. Increasing customer demand for security due to the multi-tenant nature of the cloud. Lateral movement attacks.

12:45 - BeyondCorp. “There’s BeyondCorp, and YOLO NoCorp”. NIST’s paper on it.

25:00 - How should I think about a Bug Bounty program as a startup founder? - Having a good “Vulnerability Disclosure Policy” is an extremely valuable first step

26:30 - Why would anyone report bugs if they weren’t being paid for them?

30:00 - Interesting security products that companies might want to buy :)

34:30 - What is WebAuthn?

39:00 - How security and usability shouldn't be a trade-off

43:00 - Security regulations

47:00 - A repeat question - as a startup, what should I do to keep myself secure?

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit

52 episodes