November 28

The Security Catalyst Podcast: A Conversation with Brian Chess


On this program, we share a conversation with Brian Chess, the author of Secure Programming with Static Analysis – a conversation that is a must listen for business leaders, security professionals and developers if you want to learn how to engage your teams to better protect information.

Brian takes an approach with secure programming that is similar to the approach I follow when assessing and implementing awareness and training programs. So whether you are a developer or not, you will change the way you protect information by listening to Brian!

What I took away from my conversation with Brian
After reflecting on our conversation (I explain more during the podcast), here are the top five points I took away:

1. Introspection is important when looking to protect information. To me, this also means we have to stop blaming and looking to assign blame. We can look within, take (and encourage) responsibility and find solutions.

2. Trust is paramount. We have to find ways to establish and maintain trust, offline and online.

3. We need to develop processes and tools to support our experts in a way that naturally engages them and encourages their participation in information protection.

4. New processes, new learning and new tools require an initial investment (time, money and resources) that may sometimes seem sizeable – but the savings are realized rapidly and bring long-term positive benefits.

5. In security, we need to stop griping and learn to be good coming from behind. It’s okay, and we can do it.

What did you take away from this conversation? Send me an email: securitycatalyst@gmail.com, or better yet – join us in the security catalyst community – www.securitycatalyst.org and share your insights with others.

Information and Links

Brian Chess, Ph.D., Founder & Chief Scientist
http://extra.fortifysoftware.com/blog/bloggers.html

Dr. Chess’s research focuses on methods for creating secure systems. He received his Ph.D. from the University of California at Santa Cruz, where he applied his background in integrated circuit test and verification to the problem of identifying security errors in software. In addition to authoring numerous patents and technical papers, Dr. Chess has more than ten years of experience in the commercial software arena, having led development efforts at Hewlett Packard and NetLedger.

Secure Programming with Static Analysis
http://www.amazon.com/Programming-Analysis-Addison-Wesley-Software-Security/dp/0321424778/ref=sr_1_1?ie=UTF8&s=books&qid=1196292147&sr=8-1

Blogging with Brian Chess
http://extra.fortifysoftware.com/blog/

Serving Your Needs
I thoroughly enjoy researching and producing these podcasts – and I am looking forward to getting back into a programming schedule with a bit more regularity. I’ve also been impressed with the Talk Shoe service, and I am considering hosting more podcasts through Talk Shoe so you can listen in live.

Let me know if you would listen live and participate if we made that an option, and who you would like to share a conversation with by sending me a note: securitycatalyst@gmail.com

As always, thanks for the gift you give me by listening. If you liked the program, tell a friend. If not, tell me!

