In this episode, we explore the crucial role of cultivating a strong security culture to drive change in AppSec, where training and collaboration are key. Our distinguished guest, Danielle Ruderman, discusses the importance of executive support in ensuring that application development isn't just about churning out apps on time, but also about adopting a secure-by-design approach. We also dive into how to empower developers, foster psychological safety, and make security everyone's responsibility. Tune in for actionable insights on transforming your security culture within your applications team and beyond.
Segment Resources:
• AWS Security Blog: How the unique culture of security at AWS makes a difference: https://aws.amazon.com/blogs/security/how-the-unique-culture-of-security-at-aws-makes-a-difference/
• AWS Security Blog: How AWS built the Security Guardians program, a mechanism to distribute security ownership: https://aws.amazon.com/blogs/security/how-aws-built-the-security-guardians-program-a-mechanism-to-distribute-security-ownership/
• AWS Security Blog: How to build a Security Guardians program to distribute security ownership (part 2): https://aws.amazon.com/blogs/security/how-to-build-your-own-security-guardians-program/
• Application Security in the AWS Well-Architected Framework: https://aws.amazon.com/blogs/security/how-to-build-your-own-security-guardians-program/
• AWS Security Blog: How to approach threat modeling: https://aws.amazon.com/blogs/security/how-to-approach-threat-modeling/
• GitHub: Threat Composer is a simple threat modeling tool to help humans to reduce time-to-value when threat modeling: https://github.com/awslabs/threat-composer
• Workshop: Threat Modeling the right way for builders: https://catalog.workshops.aws/threatmodel/en-US
In her role as a Senior Manager at AWS, Worldwide Security Specialists, Danielle is responsible for global scale programs that enable AWS customers and employees to adopt AWS and Partner solutions to improve security posture. In 2020 she founded the global AWS CISO Circles program, which brings together customer and AWS security executives in over 29 countries for candid discussion under NDA and Chatham House Rule. Danielle has 25 years in tech under her belt, with eight of those in security-focused roles at AWS since joining the team in 2016. She began her tech career as a developer, working in each phase of the software development lifecycle for federal, non-profit, enterprise, and startup organizations and has led biomedical IT modernization and business transformation projects. Her educational credentials include Bachelor of Science, Chemistry at Washington and Lee University and Certificate in Executive Leadership, Humanities in Technology Leadership at Virginia Tech.