Go offline with the Player FM app!
EP 45 — Toast’s David Kosorok on Leading Application Security with Collaboration, Empathy, and Good Data
Manage episode 376904402 series 3330694
In this episode of the Future of Application Security, Harshil speaks with David Kosorok, Director of AppSec at Toast, a restaurant point of sale and management system. They discuss how to build an application security program from the ground up by prioritizing initiatives, establishing security champions, and bringing in great people — and why gathering and analyzing good data is the foundation to it all. They also discuss how to identify and fix struggles your team may have, why collaborating with product managers is key, and ways in which to positively impact security culture.
Topics discussed:
- How to build an appsec program from the ground up by establishing and prioritizing initiatives, leveraging security champions and ambassadors, identifying resources, and bringing in great people.
- The importance of collecting and analyzing data in order to gain clarity and understanding on the current state of security and where to take action.
- Why working with product managers is key to building better security programs, and how to build trust and collaboration with others across the organization.
- How to identify struggles the team is having in implementing security standards, and how to improve processes through education and vision.
- How to impact security culture by increasing transparency through regular open meetings, storytelling, and inspiration.
- How David has mentored individuals who went on to join the security community.
- The importance of sharing learnings to the security community to increase overall education and awareness.
60 episodes
Manage episode 376904402 series 3330694
In this episode of the Future of Application Security, Harshil speaks with David Kosorok, Director of AppSec at Toast, a restaurant point of sale and management system. They discuss how to build an application security program from the ground up by prioritizing initiatives, establishing security champions, and bringing in great people — and why gathering and analyzing good data is the foundation to it all. They also discuss how to identify and fix struggles your team may have, why collaborating with product managers is key, and ways in which to positively impact security culture.
Topics discussed:
- How to build an appsec program from the ground up by establishing and prioritizing initiatives, leveraging security champions and ambassadors, identifying resources, and bringing in great people.
- The importance of collecting and analyzing data in order to gain clarity and understanding on the current state of security and where to take action.
- Why working with product managers is key to building better security programs, and how to build trust and collaboration with others across the organization.
- How to identify struggles the team is having in implementing security standards, and how to improve processes through education and vision.
- How to impact security culture by increasing transparency through regular open meetings, storytelling, and inspiration.
- How David has mentored individuals who went on to join the security community.
- The importance of sharing learnings to the security community to increase overall education and awareness.
60 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.