
In this episode, Clint interviews Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub. They discuss the importance of balancing engineering and security, and how GitHub focuses on building secure defaults. Mike also shares how GitHub uses AI internally, including the use of GitHub Copilot for code generation and other AI capabilities in their product features. They explore the potential impact of AI on cybersecurity and the need for organizations to embrace AI to enhance productivity and security.

The conversation explores the potential of AI in developer tools and its impact on security. It emphasizes the importance of human oversight and the need to address legacy code and infrastructure. The future of shifting left and the role of AI in security education are also discussed. The conversation concludes with a discussion on AI's potential in code refactoring and the future of cybersecurity and development.

Takeaways

- Balancing engineering and security is crucial for effective and secure software development.
- Building secure defaults and embedding security in the development process can lead to better security outcomes.
- AI can be used to enhance productivity and security in software development, such as with GitHub Copilot.
- AI has the potential to transform workflows in areas like incident response and code scanning.
- AI has tremendous potential in developer tools and is still in the early stages of development.
- AI can improve security practices but should not replace human oversight and traditional security measures.
- The future of shifting left involves integrating security practices earlier in the development process.
- Fine-tuning AI for custom use cases and addressing legacy code and infrastructure are important challenges.
- AI can play a significant role in security education and code refactoring.
- The future of cybersecurity and development will involve a combination of AI and human expertise.

Chapters

00:00 Introduction and Background
03:15 Balancing Engineering and Security
08:10 Building Secure Defaults
13:41 The Role of AI at GitHub
25:19 AI Applications in Security
32:02 Impact of GitHub Copilot
32:30 The Potential of AI in Developer Tools
34:04 The Impact of AI on Security
36:18 The Importance of Human Oversight
39:09 The Future of Shifting Left
40:21 Fine-Tuning AI for Custom Use Cases
41:36 Addressing Legacy Code and Infrastructure
43:20 The Need for AI in Security
45:32 The Role of AI in Security Education
46:42 AI's Potential in Code Refactoring
50:03 The Future of Cybersecurity and Development