What Application and Product Security (Really) Is with Ty Sbano

Today's guest shared an eye-opening definition: "Application security is an evolving narrative. It's all about collaborating and interacting with the people building the business."

When Ty Sbano started, application security wasn't really called application security. He was fortunate enough to be one of the early folks that had a formal degree in information technology with a focus on security from Penn State University.

From JP Morgan to Capital One to the startup field, Ty collects over 15 years of experience in security. Today, he is Chief Trust and Security Officer at Sisense and he sat down with us to discuss all things AppSec, how to build early, robust security teams, and how to lead with empathy in an evolving agile environment.

Topics discussed in this episode:

• Ty’s background in the financial/fintech industry and his current focus on data science and the conversions of security.
• What application and product security means and why it's really important to enable companies to move fast.
• The importance of choosing one vertical in information security and being an expert at it.
• How an agile methodology and manifesto help ship product features and engage engineers.
• How security practical programs differ between large enterprises and startups.
• Security tooling: Building vs Buying.
• Building early security teams: good patterns that are important to get established in the beginning.
• The relationship between an application security function and an incident response function.
• 3 pieces of actionable advice for security teams.