Join us as we explore the evolving application security landscape with Marius Poskus, VP of Glow Financial Services and a seasoned cybersecurity professional. In this episode, we delve into the increasing adoption of open-source code and AI in startup development, examining the potential impacts on code security amid rapid innovation pressures. Marius shares his insights on the cultural shifts required for effective DevSecOps practices, the prolonged timelines for meaningful change, and the disruptions caused by changing CISOs. We also touch on the challenges of maintaining consistent application security programs in a dynamic leadership environment, the proliferation of tools, and the importance of measuring their effectiveness. Listen in as we unravel the complexities of managing application security within development environments.

Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo.

We highlight the significance of providing contextual insight and effective communication to address security issues meaningfully. By prioritizing critical issues that offer the most significant risk reduction, we advocate for a strategic approach to security management. Marius also emphasizes understanding the root causes of vulnerabilities to enhance overall practices and mitigate future risks. Finally, we discuss translating risk into business language, emphasizing temporality and criticality to align security efforts with business priorities.

• 00:00 - Introduction: Francesco Cipollone introduces the podcast and guest, Marius Poskus, VP at Glow Financial Services.
• 00:50 - Marius's Introduction: Marius discusses his background and roles, including his YouTube channel and upcoming consultancy.
• 02:04 - Industry Overview: Marius talks about the evolving landscape of application security and the impact of AI.
• 03:25 - Secure Code Development: The challenges of rushing code to market and understanding governance and risks.
• 04:19 - Application Security Programs: The cultural shift needed for DevSecOps and the impact of CISO tenure on security programs.
• 06:15 - Tooling and Measurement: The prevalence and challenges of security tools in organizations.
• 07:00 - Compliance and Standardization: The role of emerging standards and frameworks in driving security practices.
• 09:01 - Asset Management and Application Security: Tracking code across different environments and the complexity of asset management.
• 10:48 - Ownership and Attribution: Identifying ownership and responsibility for code and vulnerabilities.
• 13:00 - Contextual Insight: Providing rich information and context to development teams for better security understanding.
• 15:18 - Measuring Security Tooling: The need for better measurement and understanding the root cause of issues.
• 17:00 - Risk Management: Prioritizing issues based on risk and translating security issues into business risks.
• 18:45 - Advice for CISOs: Building business expectations, creating positive narratives, and transforming security from a cost center to a revenue generator.
• 21:57 - ROI of Security: Measuring the ROI of security through risk reduction and effective communication.
• 23:38 - Positive Industry Outlook: Marius's optimistic view on the industry's trajectory towards better security practices.
• 25:19 - Closing Remarks: Final thoughts on staying updated with industry changes and innovations. Where to find more about Marius and his work.
• 26:09 - Outro: Francesco thanks Marius and encourages listeners to build security programs with insight.

• LinkedIn: Marius Poskus
• Podcast: Cyber Diaries Episode

With over a decade of cybersecurity experience, I am the Global Vice President and Chief Information Security Officer at Glow Financial Services Limited, a leading fintech company that offers innovative and customer-centric solutions. My mission is to build and execute a comprehensive cybersecurity strategy that aligns with the business goals and enterprise risk management of Glow, while ensuring compliance with ISO27001 and other relevant standards.

I lead a high-performing team of cybersecurity professionals who deliver cutting-edge solutions across various domains, such as cloud security, DevSecOps, AppSec, threat hunting, penetration testing, and red and purple teaming. I have successfully implemented a 24/7 Security Operations Centre, a cloud adoption model, and an AppSec program that enhance the security posture and resilience of Glow's global operations. I am also passionate about sharing my knowledge and insights on cybersecurity topics as a public speaker, a non-executive director, and a mentor.

• Website: Cyber Security and Cloud Podcast
• LinkedIn: Cyber Security and Cloud Podcast LinkedIn
• Twitter: @podcast_cyber
• YouTube: Cyber Security and Cloud Podcast YouTube
• iTunes: Cyber Security and Cloud Podcast on iTunes
• Spotify: Cyber Security and Cloud Podcast on Spotify

#Cybersecurity #AppSec #ProductSecurity #ProdSec #ASPM