Cyber Security & Cloud Podcast
Technology
CSCP S4EP13 - Josh Goldberg - Crafting Secure Applications in the Age of AI with Josh Goldberg
A dev perspective on application security:
Dive deep into the pivotal nexus of cybersecurity, application security, and software development in our latest podcast episode featuring Josh Goldberg, a renowned figure in the TypeScript ecosystem. This episode sheds light on the evolving realm of secure coding practices, acknowledging the progress achieved while recognizing the challenges that lie ahead. Join us as we unravel the nuanced role of artificial intelligence in software development, moving beyond the hype to establish grounded expectations for this sophisticated tool.
The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.
Our discussion ventures into the dynamic landscape of the tech job market, sparking a thought-provoking debate on the value of junior versus senior developers in building a resilient digital future. We also underscore the critical role of checklists in enhancing product development, inspired by insights from "The Checklist Manifesto." By integrating accessibility audits and security consultations, we reveal how checklists can transform development processes, ensuring products are secure and accessible from the start.
The conversation extends to the cutting-edge application of AI in threat modeling, highlighting the importance of strategic objectives that place security and accessibility at the forefront. We further explore the essential art of communication within organizations and its pivotal role in seamless security integration. This dialogue emphasizes the significance of leadership in cultivating an environment where trust and verification coalesce, promoting a culture of thorough security checks and balances.
As we dissect the concept of Service Level Agreements (SLAs), our discussion illuminates their dual function as both security mechanisms and corporate assurances, advocating for the early adoption of security measures in business strategies. Experience firsthand how security features, like multi-factor authentication, can serve not just as protective measures but as compelling marketing and product differentiators.
Don't miss this enriching conversation that bridges the gap between cybersecurity practices and software development, offering invaluable insights for professionals navigating the intricate landscape of tech innovation.
Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.
- 00:02: Introduction and sponsorship message from Phoenix Security Limited.
- 00:53: Welcoming Josh Goldberg, an open source advocate in the TypeScript ecosystem, to the podcast.
- 01:37: Josh shares his journey into enhancing software quality and security through open-source contributions.
- 02:01: Analyzing the current landscape of application security and the ongoing challenges for developers.
- 03:20: The potential of artificial intelligence in revolutionizing secure code practices and its limitations.
- 04:28: Addressing the scarcity of developer resources and the impact on application security.
- 07:21: Strategies for integrating essential security practices into development teams with constrained resources.
- 10:13: Emphasizing the importance of establishing measurable success metrics in secure software development.
- 13:02: The imperative of fostering effective communication between security and development teams for a robust security posture.
- 18:08: Discussing the evolution of security tools and the significance of early integration in the development process (Shift Left).
- 21:32: The role of risk management in aligning business objectives with security imperatives.
- 25:04: Expressing optimism for the future of tech with advancements in tools and platforms facilitating better security integration.
- 32:35: Josh's parting thoughts on leveraging ESLint plugins for vulnerability detection and the hopeful reduction of common security flaws.
- 36:00: Conclusion of the conversation with a focus on the collective progress in cybersecurity and application development.
- 38:10: Final words from Francesco Cipollone, encouraging listeners to engage with security within their development practices.
Josh Goldberg
Hi, I’m Josh! I’m an independent full time open source developer. I work on projects in the TypeScript ecosystem, most notably typescript-eslint: the tooling that enables ESLint and Prettier to run on TypeScript code. I’m also the author of the O’Reilly Learning TypeScript book, a Microsoft MVP for developer technologies, and an active conference speaker. My personal projects range from static analysis to meta-languages to recreating retro games in the browser. Also cats.
Connect with Josh [bsky / GitHub / Mastodon / Twitter / Twitch / www]
- Cyber Security and Cloud Podcast hosted by Francesco Cipollone
- Twitter @FrankSEC42
- Linkedin: linkedin.com/in/fracipo
- #CSCP #cybermentoringmonday cybercloudpodcast.com
- Social Media Links
Follow us on social media to get the latest episodes: - Website: http://www.cybercloudpodcast.com/
- Linkedin: https://www.linkedin.com/company/35703565/admin/
- Twitter: https://twitter.com/podcast_cyber
- Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/
- You can listen to this podcast on your favourite player:
- Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463
- Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ
#Cybersecurity, #appsec #productsecurity #prodsec #aspm
More Episodes
Get this podcast on your
phone, FREE
