Show 002 – An Interview with Jim Routh

Jim Routh

Jim Routh is the CISO of the Depository Trust and Clearing Corporation (DTCC). Jim is a veteran technology and security executive, having held positions at American Express and American Express Financial Advisors before joining DTCC. At DTCC, Jim designed and implemented an enterprise-wide information security program based on risk management best practice, COBIT, and ISO 27001. He is a member of the Board of Directors for FS-ISAC and the Wall Street Technology Association.

 
Show 002 - An Interview with Jim Routh [23:48m]

3 Responses to “Show 002 – An Interview with Jim Routh”

  1. Justice League » Blog Archive » Reality Check: Jim Routh Says:

    [...] Yesterday we released the second episode of the Reality Check Podcast. This month’s victim is Jim Routh, CISO of Depository Trust Clearing Corporation (DTCC). DTCC has a very advanced software security initiative that is well worth learning about. We talk about that in this interview. Have a listen! [...]

  2. Stephen Craig Evans Says:

    Hey Gary,

    Another very informative podcast. To me, what you are showing is that there isn’t one set-in-stone path and you do a good job of coaxing out of the interviewees why and how they are doing SDL in their own way.

    The idea of putting a source code static analysis tool into every developer’s hands is particularly intriguing and is why I am working like a madman to get OWASP’s Orizon to the level that it can be used in that capacity.

    Stephen

  3. gem Says:

    Hi Stephen,

    Thanks for your feedback. Jim has done an excellent job of rolling out software security in a financial services organization. His program is not only more mature than others I have studied, it is also slightly more distributed in the sense that developers outside the SSG are heavily involved.

    I enjoy these conversations, because they allow me to get some of the many things I find out in my capacity as a consultant into the public record. I think it is great that people like Jim are so willing to share what they have learned.

    gem
