Go offline with the Player FM app!
EP 26 — Derek Fisher: How Envestnet Scales Product Security
Manage episode 359946962 series 3330694
In this episode of the Future of Application Security, Harshil speaks with Derek Fisher, the Head of Product Security at Envestnet, a publicly traded financial technology company that connects people's daily financial decisions with their long-term financial goals. Derek is a highly accomplished professional with an exceptional track record in engineering and information security. With his experience as an award-winning author, speaker, leader, and university instructor, Derek provides valuable insights into the world of application security and risk management.
Key topics discussed:
- The step-by-step approach to build a mature application security program.
- Utilizing tools like dynamic scanners and software composition for vulnerability management.
- Collaboration with product and engineering teams to stay informed about upcoming changes.
- Importance of early involvement in the development lifecycle to enhance security.
- The role of enterprise architecture teams in the application security process.
- Challenges in tracking and responding to development team activities in agile environments.
Resources mentioned:
- Derek's book, "The Application Security Program Handbook"
- Derek's children's book, "Alicia Connected"
60 episodes
Manage episode 359946962 series 3330694
In this episode of the Future of Application Security, Harshil speaks with Derek Fisher, the Head of Product Security at Envestnet, a publicly traded financial technology company that connects people's daily financial decisions with their long-term financial goals. Derek is a highly accomplished professional with an exceptional track record in engineering and information security. With his experience as an award-winning author, speaker, leader, and university instructor, Derek provides valuable insights into the world of application security and risk management.
Key topics discussed:
- The step-by-step approach to build a mature application security program.
- Utilizing tools like dynamic scanners and software composition for vulnerability management.
- Collaboration with product and engineering teams to stay informed about upcoming changes.
- Importance of early involvement in the development lifecycle to enhance security.
- The role of enterprise architecture teams in the application security process.
- Challenges in tracking and responding to development team activities in agile environments.
Resources mentioned:
- Derek's book, "The Application Security Program Handbook"
- Derek's children's book, "Alicia Connected"
60 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.