Empathy — that ability to understand what others are feeling — might be the secret ingredient when it comes to successfully shifting security into the developer world. Snyk co-founder and president Guy Podjarny hosts The Secure Developer podcast, and in interview after interview, guests have repeatedly spoken about how empathy, understanding, and a bias toward action are the biggest components of a successful developer-first security culture.
Can you enumerate every single network socket which can be used to hack into your cloud environment and steal your data? When counting, are you including the laptops of people who already authenticated and have access? The purpose of opening with this question is not to instill fear. Trying to answer it probably leads to “it’s complicated” and the complexity of access is what this article will cover. Complexity is our collective enemy in the computing industry.
HSM stands for hardware security module. HSMs are hardware devices. They can be quite small and plugged into the main board of a computer, or they sit side by side in a server rack. They store sensitive data such as private keys. HSMs do not allow you to read that sensitive data back; instead, they expose only cryptographic operations like signing of certificates or encrypting data. This provides stronger protections for storing private keys compared to disks or databases.
As organizations continue to adopt DevSecOps practices to deliver secure software, security ownership is an ever-critical consideration. Snyk recently held a roundtable with Twilio to discuss security ownership in 2021. In this post, we’ll recap the discussion between Guy Podjarny, President & Co-Founder of Snyk, and Yashvier Kosaraju, Senior Manager of Product Security at Twilio.
