July 1st, 2009

Jerry Archer is VP of information security and CISO of Intuit. His responsibilities include securing and protecting customer privacy for all of Intuit’s products, services, and internal systems and infosec initiatives across the company. Prior to his work with Intuit, Jerry was a managing director at Global Competitive Strategies, senior VP at Visa International, and senior VP at Fidelity. In his early career in the intelligence community, Jerry was awarded a Distinguished Service Award from the CIA and a Meritorious Unit Citation from the NSA.

Show 007 - An Interview with Jerry Archer [21:30m]:
June 3rd, 2009

Andy Steingruebl is a manager on the information risk management team at PayPal. He manages the secure development program for all PayPal applications including the Web sites supporting PayPal’s 73 million active registered accounts. In addition, he also works with the information risk management team on issues of Internet governance, Internet policy, security protocols, and Internet infrastructure. Andy has been with PayPal since 2006.

Show 006 - An Interview with Andy Steingruebl [21:08m]:
May 8th, 2009

David Hahn is Senior Vice President and Group Information Security Officer for Internet Services at Wells Fargo Bank. David manages all areas of Information Security for wellsfargo.com, which has 11 million active customers and is the dominant channel for financial transactions for Wells Fargo. David has been with Wells Fargo for 22 years. David participated in the BSIMM study and plans and executes the software security initiative at Wells Fargo.

Show 005 - An Interview with David Hahn [21:29m]:
April 1st, 2009

Brad Arkin is Director of Product Security and Privacy at Adobe Systems, where he has been tasked with reorganizing and accelerating product security. He comes to Adobe with plenty of real-world experience in software security. He began his career at Cigital where he helped Gary form the software security group in 1997. He also served as a Technical Director at @Stake and a Senior Manager at Symantec (after the acquisition). He was also Vice President of Product Management at StepNexus. Brad’s years of experience in software security operations and execution give him a unique perspective.

Show 004 - An Interview with Brad Arkin [18:46m]:
March 2nd, 2009

Eric Baize is Senior Director in the Product Security Office at EMC. Eric has company-wide responsibility for product assurance. He also drives the integration between RSA and EMC products and solutions. Eric pioneered EMC’s push towards security. He was a founding member of the executive team who defined EMC’s information-centric security vision (including the acquisition of RSA in 2006). Eric is a regular speaker at security conferences, is on the Board of Safecode, holds a US patent, and has written international security standards.

Show 003 - An Interview with Eric Baize [23:06m]:
February 2nd, 2009

Jim Routh is the CISO of the Depository Trust and Clearing Corporation (DTCC). Jim is a veteran technology and security executive, having held positions at American Express and American Express Financial Advisors before joining DTCC. At DTCC, Jim designed and implemented an enterprise-wide information security program based on risk management best practice, COBIT, and ISO 27001. He is a member of the Board of Directors for FS-ISAC and the Wall Street Technology Association.

Show 002 - An Interview with Jim Routh [23:48m]:
January 6th, 2009

Steve Lipner is the senior director of security engineering strategy in Microsoft’s trustworthy computing group. Steve runs the Security Development Lifecycle team focused on product security and privacy. Steve has been active in computer security for thirty-five years. He holds a B.S. and an M.S. from MIT. His book The Security Development Lifecycle, co-authored with Mike Howard, is required reading in the field.

Show 001 - An Interview with Steve Lipner [22:26m]:
January 6th, 2009
The Reality Check Podcast with Gary McGraw focuses directly on software security practitioners and practical software security. Reality Check’s sister podcast, the Silver Bullet Security Podcast with Gary McGraw, follows a free-form interview style tailored to highlight the ideas and experience of security gurus. By contrast, Reality Check is concerned with practical questions centered on running large-scale software security initiatives in the real world.
Reality Check targets experienced leaders working to solve software security problems in large organizations every day. We use a standard script to guide each conversation with questions about history, methodology, best practice, and measurement. We plan to interview leaders of mature software security programs and leaders of programs just getting started.
Your feedback is absolutely welcome. Please subscribe to the series through our RSS feed or through iTunes.
December 22nd, 2008
The Reality Check Podcast with Gary McGraw will focus on software security practitioners and practical software security. We’ll interview people involved in running large-scale software security initiatives. Our first conversation will be with Steve Lipner who runs Microsoft’s Secure Development Lifecycle team. Check back here on January 5th or sign up with our RSS feed.