Introducing the Future of Application Security Podcast

Future of Application Security – Harshil Parikh

Harshil Parikh, our CEO and co-founder, will interview industry experts from various fields. Harshil’s background is truly awesome, he not only started Tromzo as a way to eliminate the friction between developers and security so that teams (like the ones he has led) can scale application security (AppSec) programs in this modern cloud-native journey we are all on.

He has great experience building security and compliance functions from the ground up, and most recently built the security and compliance team at Medallia from scratch, scaled the team globally, achieved compliance (SOC2, ISO, FedRAMP), went through an IPO and secured M&A (6+ acquisitions). He’s also shared his insights as a presenter at RSA Conference, AppSec USA, CSX Europe, and more.

Small plug for Tromzo (shameless, I know)…we will be at BSides SF and RSAC this year. If you want to hang out with us, just ping me or Harshil and we will gladly join you for beverages.

Episode 1 – NextRoll’s Nico Valcarcel: How to Build Empathy Between Developers and Security

In this first episode, NextRoll’s Product Security Lead Nicolas Valcarcel shares how since he was 15 he wanted to work in security. However, his career path has been far from conventional.

By being part of developer teams in early-stage startups and working hand to hand with founding teams, he has been able to get a grasp on how developers and security teams see the same product in very different ways, and the common friction points that come from their interactions.

In this episode, Nico shared his experience and taught us his secret sauce: Advocating for engineering in the security team and advocating for security in the engineering team.

Topics discussed in this episode:

• Nico’s background and how he landed in the application security field.
• How developers and security people think differently.
• How to make developers embrace security values.
• How to approach proof of vulnerability requests.
• The importance of integrating decision makers in product and application security.
• Advice for AppSec managers to build strong relationships that work for both, security and engineering teams.
• What critical skills you need to build an ideal AppSec team.
• Keys to success in operating a Security Champions program.
• 3 Pieces of advice for leaders that want to build and scale an AppSec program.

Additionally, if you want to know more about Tromzo, we wrote up a little summary of what we do and why we do it below:

Tromzo – Modern Application Security

We all feel it right?! Developers today are like superhumans, they are shipping code faster than ever and we are the struggle bus trying to keep up on the security side. This makes it darn near impossible to catch up and means we aren’t able to grow and scale with developers.

Our founders (one is a phenomenal developer and one a security expert) have experienced this challenge and were fed up with there not being a way to solve for it. So, guess what they did. They created the solution, Tromzo!

No longer do we have to do the traditional (very slow) path of AppSec teams working with developers to build secure code and finding security bugs, then the majority of those issues get ignored. Developers get frustrated with alerts that are unactionable while security gets frustrated their requests are ignored.

Well, long gone are the days where friction between these two teams leads to a lack of collaboration and alignment – leaving applications vulnerable.

Developer-First Application Security

We believe that in order for security to scale, organizations must adopt a developer-first approach to application security. From the foundational human interactions to the management platform that support scaling. Security must be made easy for developers so they can focus on shipping great software. Only then can AppSec teams focus on higher-value strategic work.

We created a world where security becomes self-service and developers are able to effortlessly determine security measures appropriate for their work and tune out the noise. In this new world, security isa first-class citizen in developer workflows and security teams are empowered to do meaningful work.

And that’s what the Future of Application Security podcast is all about: empowering AppSec professionals to scale their programs by embracing a developer-first approach.

In each episode of this show, Harshil will be interviewing leaders to learn what they have done to shift security everywhere and scale their AppSec program.

We look forward to bringing you conversations that will help you build an application security program that scales with the pace of modern software development.

For the latest episodes, visit the Future of Application Podcast Page on Spotify or Apple.