r2c’s Clint Gibler: How To Succeed in AppSec at Scale
Clint Gibler is the Head of Security Research for r2c, the company behind SEMGREP, a popular open-source static analysis security scanning tool used by teams all over the world.
He joined r2c to help build and shape the future of AppSec; one that includes secure defaults along with lightweight enforcement of those defaults.
In today's episode, Clint talks about SEMGREP, operationalization of tools for security teams, intersection between AppSec and D&R as well as tips to succeed in AppSec at scale.
More topics discussed in this episode:
- SEMGREP's origin story and benefits
- The security startup creation pattern of recent years
- Trend shift to developers operating security problems at scale
- r2c's mission and products in addition to open source
- How application logs are useful in detection and response
- Type of vulnerabilities Clint is seeing more often
- Application security developments he is most excited about
tl;dr Sec Newsletter: tldrsec.com
Aston Martin’s Robin Smith: Advocating For Lean Security Programs
Tune in to learn more about what lean security is, why Robin has always seen security as an asset, and how you can embed that value into your organization.
Snowflake’s Haider Dost and Daniel Wyleczuk-Stern: What You Need To Start Building a Scalable Detection Program
Snowflake’s Global Threat Intelligence and Detection Engineering Leader, Haider Dost and Senior Security Engineer, Daniel Wyleczuk-Stern discuss why data and being able to query that data is a critical first step.
Rumble’s Chris Kirsch: How Asset Discovery Can Help with Detection and Response
Chris Kirsch, CEO and co-founder of Rumble, discusses why covering the basics, like having a full inventory of your network with all the managed and unmanaged devices, is a best practice to secure any environment.