Nathan is the manager of the application security team at Intuit Mailchimp. He has over 7 years of experience in application security working at both startups and Fortune 500 companies. In that time, Nathan has been both an engineer and a leader. His primary focus has been on building out application security programs by implementing scalable processes and efficient methodologies. Nathan holds a Master’s in Digital Forensics and CyberSecurity from John Jay College of Criminal Justice and a Bachelor’s in Music Composition from University of the Arts.

In this show, Nathan and Francesco discuss the start in application security, how to mentor new interns and bridge the skillgap and how to measure application security progress when deploying shift left methodologies in devsecops 

The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://www.phoenix.security for a free 14-day licence.

2:00 - Nathan's Intro

7:30 – from music to cybersecurity and new generation

11:00 – State of application security

14:00 – Vulnerability – What is a vulnerability in software

18:00 – How do you bring in the business in appsec – Product security

12:00 - Cybersecurity technicalities - Pen-tests  and regulation

16:00 - Cybersecurity and regulation in USA

19:00 - SBOM, Digital Software supply chain

20:00 – Risk for application security and business perspective

22:00 – Business categories of risk for application security

24:00 – Business criticality vs low criticality – how to talk about risk

26:00 – Prioritize work based on risk in application security   

27:00 – Avoiding burnout and preventing risk – Mailchimp program of work – SPIDER

31:00 – Doing more with less in application security

33:00 – Measuring shift left effectiveness – Dentist story

37:00 – Positive message and conclusion

Nathan

Blog: https://nathancooke.com/ 

Linkedin: https://www.linkedin.com/in/nathancooke7/

Cyber Security and Cloud Podcast hosted by Francesco Cipollone

Twitter @FrankSEC42

Linkedin: linkedin.com/in/fracipo 

#CSCP #cybermentoringmonday cybercloudpodcast.com 

Social Media Links Follow us on social media to get the latest episodes:Website: http://www.cybercloudpodcast.com/You can listen to this podcast on your favourite player:Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ Linkedin: https://www.linkedin.com/company/35703565/admin/  


Twitter: https://twitter.com/podcast_cyber   


Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/