Working with Engineering on Security

This episode brings Shaun Blackburn into the spotlight, currently the CISO at Gemini, with a rich background in incident response, vulnerability management at Airbnb, cloud infrastructure security at Netflix, and a stint as a SOC manager at AWS. James and Shaun discuss the intricate weave of vulnerability management, security engineering, and operations, emphasizing the transformative approach to vulnerability management through automation and collaborative engineering efforts.

Key Discussion Points:

• Shaun Blackburn's Comprehensive Security Background: Exploring Shaun's diverse experiences across major tech firms and how these roles have shaped his understanding and approach to security.
• Engineering the Future of Vulnerability Management: Shaun shares insights into Netflix's pioneering approach to automated vulnerability management, highlighting the shift from traditional, manual remediation processes to automated, engineering-driven solutions.
• Building a Collaborative Security Culture: The conversation delves into strategies for fostering partnerships between security teams and service owners, aiming for a unified vision that benefits the entire organization.
• The Role of QA in Security: Addressing the critical importance of improving QA processes to facilitate smoother, more efficient vulnerability management practices.
• Adapting to the Evolving Landscape of Security Tools: Shaun discusses the need for a defense-in-depth approach in selecting security tools, emphasizing the importance of coverage, speed, and the capability to address specific threat models.

Why It Matters:  In a landscape where vulnerabilities are a constant and evolving threat, Shaun Blackburn's insights provide a roadmap for transitioning from reactive to proactive security measures. This episode is a must-listen for those seeking to understand the potential of engineering and automation in transforming vulnerability management processes. Through collaborative efforts and strategic tool selection, organizations can achieve more resilient and responsive security postures, ultimately leading to a safer digital environment. Join us for a forward-thinking discussion on redefining vulnerability management for the modern age.

‍