June 16, 2021

Application Security w/ Taylor Lehmann

by Cyber Ranch

Listen Now

test
Application Security w/ Taylor Lehmann

June 16, 2021 Cyber Ranch

00:00:00

Show Notes

With us today is Taylor Lehmann, former ciso several times over in the healthcare sector, and currently Americas leader for security, networking, identity, and compliance solution architecture at AWS. Taylor and Allan talk about application security: why it's important, who are the personas, the value of threat modeling, infrastructure as code, how to get started, and relationships with developers. Taylor, a Boston boy, starts the show trying to say, "Howdy!" correctly. Taylor started at PWC and grew into a healthcare CISO. He has now transitioned to AWS. Key Takeaways 1:40 How Taylor got into Cyber 2:58 Taylor’s day job 4:30 Appsec Defined 5:49 Taylor's favorite appsec frameworks 7:48 Why appsec is important 8:55 The personas and roles 11:22 Security training in appsec 12:27 Threat modeling 15:11 Infrastructure as code 20:46 How to get started in appsec 24:12 Devs already know and care about security 25:38 Where does the trope come from that devs don't care? 26:52 Why "DevSecOps" is a bad term 28:00 What keeps Taylor going in cybersecurity Links: Learn more about Taylor on LinkedIn and Twitter Follow Allan Alford on LinkedIn and Twitter Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Axonius
Read more

Recent Episodes

March 29, 2023
by Cyber Ranch

Becoming a CISO means changing a lot of perspectives.  Individual contributors need to learn this, and the CISO is the best one to teach them.  "They're never going to get it!" is a mantra used by both sides of that dialogue, and that is not a soluti...

March 22, 2023
by Cyber Ranch

This episode is a story about an entire vendor encounter gone horribly wrong.  Allan is joined by Paul Moreno, VP of InfoSec at Catawii, formerly SVP of Cybersecurity at Adyen, investor and advisor.  Paul found a cybersecurity vendor.  Paul found goo...

March 15, 2023
by Cyber Ranch

Join Allan and Dr. Mike Brass (whose degree is in archaeology!) as they jointly explore the technical side of the house vs. the GRC side of the house, noting that GRC can be a great path to CISO. Hear Mike's journey from IT technician to GRC to CISO....

March 8, 2023
by Cyber Ranch

We have this idea that we can be perfect.  And we know that idea is unsound.  So we settle for imperfection.  But are we doing that purposefully?  Do we have a conscious plan for embracing imperfection?  How can we, as cyber professionals, embrace ou...

March 1, 2023
by Cyber Ranch

In this episode, Allan is joined by Omkhar Arasaratnam, a force in the industry and an expert in the intersection of software and security (you may remember Omkhar from an earlier show about supply chain security). They challenge each other to a game...

February 22, 2023
by Cyber Ranch

Join Allan, Shaun Marion (CISO of McDonald's) and ChatGPT itself for a lively conversation about the implications of this new tool, AI in general, and nuances about ChatGPT's usage. Even after controls were put into place to prevent ChatGPT from help...

February 15, 2023
by Cyber Ranch

How important are communications after your company has been breached?  They can make or break customer perception, and the perception of the world.  Bad communications are perceived as bad intent. Joining Allan this week is Heather Noggle, owner of ...

February 8, 2023
by Cyber Ranch

Do you want to be a CISO one day?  Are you a CISO today who wants to strengthen your ties into the rest of the business?  The Business Information Security Officer (BISO) role is one you should explore. The role can vary quite a bit, as you will hear...

February 1, 2023
by Cyber Ranch

Joining Allan today are two folks who are passionate about leadership – not just practicing good leadership, but instilling good leadership in future generations.  Joey Rachid is CISO in the ecommerce and financial services industry, is on advisory b...

January 25, 2023
by Cyber Ranch

This week Allan is joined by Nipun Gupta, and industry veteran who has been a consultant, practitioner, vendor, advisor and investor. The topic is "What are we really protecting in cyber?" and the nuances of that question are explored in depth - as w...