Cigital’s Principals podcast
21st episode of The Silver Bullet Security Podcast.
Interview with Cigital’s Principals
John Steven: helping companies build their own software security capability.
Pravir Chandra: training & helping our customers do strategy all the way down to security assessments.
Sammy Migues: service line management at Cigital and do a lot of monetizing of intellectual property.
Best way for a big company to get started with security: focus on their strengths and what they can do well, giving smart people a little more security knowledge and playing to their curiosity.
CLASP, Microsoft's SDL, Cigital's Touchpoints
We need someone to be a practitioner and not just an enabler of bad events.
Software security training: tell them how to implement things; give them the skill, don't only make them aware.
The instructor has to have experience and be a practitioner.
In the past, with a programming language like C, we had to do everything. Nowadays, building an app on something like a J2EE platform, so many aspects of the architecture are enforced upon you by the platform itself that it is a hell of a lot easier to put together a document of what your architecture does, because you are just following the patterns that have been laid out before you.
Length: 23:35 min