Lenny Zeltser is as brilliant as he is prolific – a true thought leader in #security and #applicationsecurity in particular. Lenny, holds a rare post as the #CISO of a serious and successful security business, Axonius. He builds security programs from within a security company!
On this episode of Seeding AppSec, we discuss with Lenny what lessons he has learned from this unique perspective. With your hosts: Nir Valtman (CEO of Arnica) & Simon A. Wenet (Head of Growth at Arnica)
What we cover in this episode:
[00:00 - 10:25] - Security: An Interdisciplinary Pursuit
Lenny recalls his early career experiences with firewalls, networking, and intrusion detection. He was drawn to security as an intersection of multiple disciplines.
Lenny discusses his transition from enterprise security consulting to building security services for small businesses. It required a different cost and customer focus.
[10:26 - 21:28] - The Duality of Product Management
As a product manager, Lenny focused more on business objectives like revenue and customer needs rather than strictly security best practices.
Lenny emphasizes aligning security program efforts to overall company goals, while carefully prioritizing deficiencies.
[21:29 - 39:22] - Bridging the Security & Product Divide
Having security experience helps Lenny empathize with product teams when providing feedback from an internal user perspective.
Building a security program at a security company raises customer expectations for credibility. But it also provides leverage to get stakeholder buy-in.
Lenny stresses adding context to scanner findings to properly prioritize vulnerabilities over just risks.
Catching issues earlier before tickets are needed demonstrates shifting security left to development teams.
[39:23-42:05] - Lightning Round & Closing Thoughts.
Lenny shares fun facts about how he takes his coffee, advice to young security professionals, and tells us more about his blog and company.
Connect with Lenny!
LinkedIn: https://www.linkedin.com/in/lennyzeltser/
Blog: https://zeltser.com/
Check out Axonius’s services at: https://www.axonius.com/
We hope you enjoyed this edition of Seeding AppSec! Check out the latest trends in application security discussed with our esteemed guests from around the globe. Don't miss any future episodes; subscribe to Seeding AppSec on Spotify, YouTube, Google Podcasts, or Apple Podcasts.
This podcast is proudly brought to you by Arnica, a revolutionary application security solution reshaping how AppSec teams tackle risk identification and mitigation. Explore Arnica.io for detailed information about their cutting-edge security solution, featuring real-time pipelineless risk identification and git posture management. Protect your developers, code, and products without compromising development velocity.
Stay connected and informed by following Arnica.io on LinkedIn and Twitter for the latest updates and insights on application security.
Thank you for joining us on this enlightening journey into the world of Application Security! Remember to prioritize security and continue seeding AppSec in your organizations. Until next time, stay secure and keep innovating!
Key Quotes
"If you don't know how to manage your own security, then how can you help us manage ours with your solutions?" - Lenny Zeltser
"If you are able to catch a new capability that's not even incorporated into the code branch and stop it early, the developer is much more likely to react positively and quickly and to actually act on the information." - Lenny Zeltser