In this episode of the We Hack Purple podcast, host Tanya Janca met with Frank Cipollone from Phoenix Security in the UK! We talked about this latest white paper, ‘SLAs are Dead, Long Live SLAs!’, how AppSec folks aren’t necessarily ‘great’ at maintaining their own SLAs, and how to empower a team to do their own governance and be responsible for their own risk. We talked about how to figure out the security maturity model you are looking for, and what kind of language we can use to help a client decide it for themselves. We also talked about how to get several industry experts to work on the same document together: spoiler alert, it’s hard! Listen to hear more!
Show Notes:
The White Paper: SLAs are Dead, Long Live SLAs! Data Driven Vulnerability Management
Frank’s Podcast: Cyber Security and Cloud Podcast
Several MORE White Papers from Phoenix Security:
Vulnerability management and regulation: https://phoenix.security/whitepapers-resources/whitepaper-vulnerability-management-in-application-cloud-security/
Upcoming Webinars with Frank!
16/02 – 4 PM GMT – Brook Schoenfield – SLA, application security and data driven programs
22/2 – 5 PM GMT – Chris Romeo – Data Driven Application security programs, how to measure maturity and scale
Frank’s Bio:
Francesco is a seasoned entrepreneur, CEO of the Application Security Risk-based posture management Appsec Phoenix, author of several books, host of the multi-award Cyber Security & Cloud Podcast, and a speaker known in the cybersecurity industry and recognized for his visionary views. He currently serves as Chapter Chair UK&I of the Cloud Security Alliance. Previously, Francesco headed the application and cloud security at HSBC and was Senior Security Consultant at AWS. Francesco has been keynoting at global conferences, and has authored and co-authored a number of books. Outside of work, you can find him running marathons, snowboarding on the Italian slopes, and enjoying single malt whiskeys in one of his favourite London clubs.
Very special thanks to our sponsor: Phoenix Security!
Phoenix Security ingests data from any security tool, cloud, or code, correlates vulnerabilities, contextualizes, prioritizes and translates into risk. The Phoenix algorithm selects the subset of vulnerabilities more likely to get exploited in the next 30 days, delivering them to the engineers’ backlog.
From code to cloud: contextualize, prioritize, and enable security engineers to act on the risk that matters most without burning out.