EP 56 — Aruneesh Salhotra on Why Security is Everyone’s Job


In this episode of the Future of Application Security, Harshil speaks with Aruneesh Salhotra, CEO and Fractional CISO, SNM Consulting Inc. They discuss the unique challenges and opportunities of application security in the financial sector, including how the “necessary evil” of regulations is increasing accountability around security efforts. They also talk about the need for more vigilant software supply chain security, two better approaches to vulnerability management, and how AI can create self-sufficiency among developers.

Topics discussed:

  • The “necessary evil” of regulations and how they’re increasing accountability around data storage, pen testing, and more.
  • Two approaches security teams can take to better manage application vulnerabilities: a call graph and runtime SCA.
  • What your attack surface is and how to effectively manage it.
  • The increasing importance of software supply chain security and the value of establishing an open source program office.
  • Why security should be everyone’s job and how adopting security today will bear fruit tomorrow.
  • How AI can increase developer self-sufficiency by giving feedback and insights on security actions.

Guest Quotes: 

“Security is everybody’s job, right? I’m tracing it back to my days in audit and compliance almost like twelve years ago. And I can easily see that whether it’s risk or compliance or your security itself, everybody’s job, right from your basic development application developers to your business itself, right? You need to at least make sure your risk and security is kind of adopted within the workflows very early on.”

“A lot of regulations across the globe have become very stringent … how you’re storing the data, how you’re actually managing your pen testing programs, and how often do you do that.” 

“If you’re storing information on behalf of your clients, you should have some onus on that. You should be held accountable no matter what.” 

“Having a comprehensive view of your attack surface becomes very important. Then you can allocate your resources, your money, your budget appropriately.”

“One of the tenants for successful application security is empowering your developers. … If you can bring the right solution for your organization, the time it takes for developers to find and fix the vulnerability is definitely reducing.”

Listen to more episodes: 

Listen on Apple 

Listen on Spotify

Rate this article

Recent articles

Solving the Challenges of Engaging with Developers

On a recent episode of the Future of Application Security podcast, Chad Girouard, AVP Application Security at LPL Financial, talked about some of the challenges to overcome...

Read more
What’s Caused the Need for Software Supply Chain Security

On a recent episode of the Future of Application Security podcast, Dave Ferguson, Director of Technical Product Management, Software Supply Chain Security at ReversingLabs, explained why the...

Read more

Ready to Scale Your Application Security Program?

Sign up for a personalized one-on-one walkthrough.

Request a demo

[email protected]

Request a demo