S4E4: Resilient Cyber Show w/ Derek Fisher

Application Security Handbook

In this episode of Resilient Cyber, Chris Hughes and Dr. Nikki Robinson are joined by Derek Fisher, author of the Application Security Handbook. Together, they dive into the critical aspects of application security and how to build robust security programs for modern organizations.

🔑 Key Highlights:

  • Building an Application Security Program: Derek shares his experience and offers a blueprint for creating a successful AppSec program from the ground up, addressing the unique needs of security teams, developers, and management alike.

  • Security as a Partner: Derek discusses the importance of security working alongside developers, focusing on risk reduction without stifling productivity or blocking progress.

  • Security Champions & Empowerment: The conversation covers the value of Security Champion programs and how decentralizing security efforts can help scale security across development teams.

  • Threat Modeling & Tool Integration: Learn when and how to introduce threat modeling and security tooling into your software development lifecycle, including shift-left strategies and integrating security into IDEs.

  • Cyber Resiliency & Open Source: Derek highlights the role of SBOMs (Software Bills of Materials) in software supply chain security and shares insights on responding to security incidents with cyber resiliency in mind.

Tools & Resources Mentioned:

  • Application Security Handbook by Derek Fisher: A comprehensive guide for developing AppSec programs.

  • Security Champions: A program to deputize developers with security responsibilities, democratizing security across the team.