Today we are joined by Altaz Valani from Security Compass and Spencer Koch, Security Wizard at Reddit, to discuss the importance of a proactive security mindset across the software security life cycle. Proactive often means using tools, but these tools are useful only if they help reduce process overhead. Blindly shifting security responsibilities to tools results in more overhead through false positives. In this podcast, we will talk about a lean process mindset that shifts the discussion “to the left” (before SAST, DAST, and Pentesting) and helps to identify where waste can be eliminated — and that is what enables proactive security.
Spencer is an offensive security professional with extensive experience in both consulting and industry. He has also served as the North American CISO at a large energy company.