Michael Hanley of GitHub on Why Security Needs Engineering, and Vice Versa
In this episode of the Detection at Scale, Jack speaks with Michael Hanley, Chief Security Officer and SVP of Engineering at GitHub. He also spent five years at Duo Security building their security program, and is passionate about making security easy and accessible for everyone.
Topics include:
- How to think about managing in a dual role as both head of security and engineering, and what success looks like for both.
- What some of the synergies are between security and engineering, and why the two should work as closely as possible.
- The security strategy of retaining the integrity of the world's important projects at GitHub.
- The importance of democratizing security, and making it accessible for everyone.
- The mentality of baking software development into security.
- When to introduce a security team into an organization, how to build a SecOps team, and the evolution of security within companies.
- Actionable steps for security leaders to take regarding professional development, culture, and sharing notes.
Resources:
- Michael's favorite open source security tools: Stream Alert, Cloud Mapper, SiLK Suite
- Keep in touch with Michael Hanley on LinkedIn: https://www.linkedin.com/in/michael-hanley-b6508913/
Related Podcasts

Adeel Saeed on How to Move from A Reactive to a Proactive Threat Detection & Response Model
Adeel is an experienced technology strategist and digital transformation leader with extensive hands-on technology and information security management experience and has led multiple large scale complex technology transformation projects.

Chris Hodson of Contentful on How Modern Detection Teams Can Thrive in a Cloud-Based World
Chris Hodson is the CISO at Contentful, which helps digital teams assemble content and deliver experiences, faster. Prior to Contentful, Chris was at Zscaler and Tanium and also busy writing a book called Cyber Risk Management: Prioritize Threat, Identify Vulnerabilities, and Apply Controls.