January 25th, 2010

Cássio Goldschmidt is senior manager of the product security team at Symantec. He leads efforts across the company to ensure and enable the development of secure software products. His responsibilities include managing Symantec’s internal SDL, training, threat modeling, pen testing, and vulnerability management. Cássio has 14 years of professional software industry experience, including eight years at Symantec. He’s an active OWASP member and represents Symantec on the SAFECode technical committee.

Show 012 - An Interview with Cássio Goldschmidt [17:22m]

December 23rd, 2009

Tom Lawton is Head of Information Security at the Markets Division of Thomson Reuters. The function of the Information Security group is “to translate the risk appetite of the business into cost effective controls”. Tom’s function provides advice, consultancy and tools to Architects and Technologists at Thomson Reuters as well as organizational security communication programs. Previously Tom led the Internal Audit function at Reuters Group, and was an Information Systems Auditor at the Bank of England and programmer at the Lloyds TSB Group.

Show 011 - An Interview with Tom Lawton [20:16m]

November 5th, 2009

Antti Vähä-Sipilä is a product security specialist/manager at Nokia. He has years of experience with security of mobile devices, software security and connectivity technologies. Holding an alphabet soup of certifications, Antti specializes in privacy, product security and SDLs and working with non-profits focused on human rights.
Janne Uusilehto is head of Nokia product security. He has worked at Nokia since 1998. His team is the owner of the Product Security Laboratory and product security related education, awareness and process improvement. Janne is a board member of ICASI, vice chair of SAFECode and chair of mobile security for DIGITALEUROPE.

Show 010 - An Interview with Antti Vähä-Sipilä and Janne Uusilehto [19:13m]

October 8th, 2009

James McGovern is an enterprise architect for the Hartford and champion for secure coding practices not only within his organization but also across the industry at large. James is the leader of the Hartford Chapter of OWASP, is a frequent speaker at industry conferences, and is a student of the human aspects of technology. James is a prolific Twitterer and can be found discussing topics ranging from IT Security to helping make poverty history.
Bob Briggs is a director of IT security and compliance for the Hartford. His responsibilities include security strategy development, SOX and PCI program management, and security project execution. He has implemented a secure system development and maintenance framework designed to ensure delivery of secure and compliant applications from his organization’s development lifecycle. Prior to his work in security, Bob was a developer and an architect; he supported field office automation and technology liaison between the business and IT communities.

Show 009 - An Interview with James McGovern and Bob Briggs [26:38m]

September 10th, 2009

Kris Inglis is Senior Manager in Research and Development at VMware. He’s served in a variety of technical and customer-facing roles and now leads the Product Security Group. The Product Security Group guides internal development practices to achieve secure-by-design objectives as well as handling security response for VMware products. Prior to his VMware career, Kris was an operating system and application analyst for the Canadian Federal Government.

Show 008 - An Interview with Kris Inglis [22:29m]

July 1st, 2009

Jerry Archer is VP of information security and CISO of Intuit. His responsibilities include securing and protecting customer privacy for all of Intuit’s products, services, and internal systems and infosec initiatives across the company. Prior to his work with Intuit, Jerry was a managing director at Global Competitive Strategies, senior VP at Visa International, and senior VP at Fidelity. In his early career in the intelligence community, Jerry was awarded a Distinguished Service Award from the CIA and a Meritorious Unit Citation from the NSA.

Show 007 - An Interview with Jerry Archer [21:30m]

June 3rd, 2009

Andy Steingruebl is a manager on the information risk management team at PayPal. He manages the secure development program for all PayPal applications including the Web sites supporting PayPal’s 73 million active registered accounts. In addition, he also works with the information risk management team on issues of Internet governance, Internet policy, security protocols, and Internet infrastructure. Andy has been with PayPal since 2006.

Show 006 - An Interview with Andy Steingruebl [21:08m]

May 8th, 2009

David Hahn is Senior Vice President and Group Information Security Officer for Internet Services at Wells Fargo Bank. David manages all areas of Information Security for wellsfargo.com which has 11 million active customers and is the dominant channel for financial transactions for Wells Fargo. David has been with Wells Fargo for 22 years. David participated in the BSIMM study and plans and executes the software security initiative at Wells Fargo.

Show 005 - An Interview with David Hahn [21:29m]

April 1st, 2009

Brad Arkin is Director of Product Security and Privacy at Adobe Systems, where he has been tasked with reorganizing and accelerating product security. He comes to Adobe with plenty of real world experience in software security. He began his career at Cigital where he helped Gary form the software security group in 1997. He also served as a Technical Director at @Stake and a Senior Manager at Symantec (after the acquisition). He was also Vice President of Product Management at StepNexus. Brad’s years of experience in software security operations and execution give him a unique perspective.

Show 004 - An Interview with Brad Arkin [18:46m]

March 2nd, 2009

Eric Baize is Senior Director in the Product Security Office at EMC. Eric has company-wide responsibility for product assurance. He also drives the integration between RSA and EMC products and solutions. Eric pioneered EMC’s push towards security. He was a founding member of the executive team who defined EMC’s information-centric security vision (including the acquisition of RSA in 2006). Eric is a regular speaker at security conferences, is on the Board of SAFECode, holds a US patent, and has written international security standards.

Show 003 - An Interview with Eric Baize [23:06m]