A Brand Story with Sean Martin, Marco Ciappelli, and Peter Klimek from Imperva

In this Brand Story episode, hosts Marco and Sean have a thought-provoking discussion with Peter Klimek from Imperva about the concept of "shift left" in application security. Have we gone too far?

The conversation revolves around the challenges and benefits of identifying vulnerabilities earlier in the software development lifecycle and the need for collaboration between development and security teams. Peter emphasizes the importance of finding a balance between tools and human expertise in addressing vulnerabilities. He highlights the common issue of organizations having a backlog of vulnerabilities that need to be fixed, rather than a problem of finding vulnerabilities—it's "easy" to find them, harder to fix them all.

The conversation also touches on the measurement of closure velocity and the significance of development team velocity as a core metric in application security. They discuss the role of APIs, platform engineering, and infrastructure as code in improving collaboration, automation, and trust in systems.

Peter draws a parallel between guardrails on a highway and the need for guardrails in application security, emphasizing the importance of providing development teams with time to address critical vulnerabilities. They also explore the challenges of coordinating multiple teams and the role of operations in orchestrating the development and security processes.

The need for a defensive mindset and the importance of leveraging the guardrails Peter noted to prevent fatal vulnerabilities is also discussed as they emphasize the significance of collaboration, measurement, and a balance between development and security teams in implementing shift left practices effectively.

The episode provides valuable insights into the nuances, challenges, and benefits of integrating shift left practices into application security, while emphasizing the need for collaboration, balance, and the ethical use of tools.

Note: This story contains promotional content. Learn more.

Guest: Peter Klimek, Director of Technology - Office of the CTO at Imperva [@Imperva]

On LinkedIn | https://www.linkedin.com/in/peter-klimek-37588962/

47.4% of internet traffic wasn’t human in 2022!

Get the research from @Imperva to learn how bots are taking over the internet.

Additional Resources

DevOps Research and Assessment (DORA): https://dora.dev

PODCAST | The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security:

• Part 1: https://redefining-cybersecurity.simplecast.com/episodes/the-impact-of-log4j-since-its-disclosure-steps-businesses-can-take-to-maintain-software-supply-chain-security-part-1-of-2-an-imperva-story-with-gabi-stapel

• Part 2: https://redefining-cybersecurity.simplecast.com/episodes/why-protecting-your-business-data-is-more-like-securing-a-museum-than-a-bank-demystifying-data-protection-an-imperva-story-with-terry-ray-07mq5xex-q5rc-fw8

PODCAST | From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | An Imperva Brand Story With Ryan Windham:

• Part 1: https://redefining-cybersecurity.simplecast.com/episodes/from-enrolling-in-college-to-gambling-traveling-and-shopping-evasive-bad-bots-are-a-major-source-of-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windham

• Part 2: https://redefining-cybersecurity.simplecast.com/episodes/from-enrolling-in-college-to-gambling-traveling-and-shopping-evasive-bad-bots-are-a-major-source-of-online-fraud-the-bad-bot-report-2022-part-2-an-imperva-story-with-ryan-windham