
Resilient Cyber

By: Chris Hughes

About this listen

Resilient Cyber brings listeners discussions from a variety of Cybersecurity and Information Technology (IT) Subject Matter Experts (SME) across the Public and Private domains from a variety of industries. As we watch the increased digitalization of our society, striving for a secure and resilient ecosystem is paramount.

© 2025 Resilient Cyber
Episodes
  • Resilient Cyber w/ Jim Manico - Enhancing Software Security in the Era of AI
    Jul 14 2025

    In this episode, we sit down with Jim Manico, a longtime industry AppSec Leader, Educator, and Innovator, to discuss enhancing software security in the era of AI.

    This includes covering recent talks Jim has given about using AI as a force multiplier for software development, the importance of security-centric prompting, and the overall impact of AI on the field of AppSec.

    We discussed:

    • A recent talk Jim gave where he discussed transforming secure software creation with AI, doing the work of teams of people on his own, and what used to take tens of thousands of hours through the use of agents and various frontier models and offerings.
    • The importance of security-centric prompting and guidance for models to produce secure code and the impact on vulnerability velocity by doing so.
    • The risks of the broader developer community leaning into these tools without adding security-centric prompts and guidance, but the opportunity for prompt libraries and enterprise controls to lead to systemic secure software development within the enterprise.
    • The workforce implications of AI-driven development and the need to upskill to stay relevant (and employable).
    • Where Jim sees opportunity beyond just AppSec when it comes to AI and Cybersecurity, in other areas such as GRC and SecOps as well.
    20 mins
  • Resilient Cyber w/ AJ Yawn - Transforming Compliance Through GRC Engineering
    Jun 30 2025

    In this episode, we sat down with AJ Yawn, Author of the upcoming book GRC Engineering for AWS and Director of GRC Engineering at Aquia, to discuss how GRC engineering can transform compliance.

    We discussed the current pain points and challenges in Governance, Risk, and Compliance (GRC), how GRC has failed to keep up with software development and the threat landscape, and how to leverage cloud-native services, AI, and automation to bring GRC into the digital era.

    We dove into:

    • What the phrase “GRC Engineering” means and how it differs from traditional Governance, Risk and Compliance
    • What some of the major issues are with traditional compliance in the age of DevSecOps, Cloud, APIs, Automation and now AI
    • Specific examples of GRC Engineering, including the use of automation, APIs and cloud-native services to streamline security control implementation, assessment and reporting
    • The promise and potential of AI in GRC, and how AJ is using various models for control assessments, artifact creation and more, and how GRC practitioners should be leveraging AI as a force multiplier
    • AJ’s new book “GRC Engineering For AWS: A Hands-On Guide to Governance, Risk and Compliance Engineering”
    36 mins
  • Resilient Cyber w/ Patrick Duffy: Securing the Modern Workspace
    Jun 26 2025

    In this episode of Resilient Cyber, we chat with Patrick Duffy, Product Manager at Material Security, on Securing the Modern Workspace.

    The conversation will include discussions about the increased adoption of cloud office suites, limitations of traditional security approaches, and a deep dive into how Material Security is tackling issues such as securing email and data, identity threat detection, and posture management.

    • Stepping back a bit before we get too specific, we've seen major fundamental shifts in the way organizations work and operate today, including widespread adoption of Cloud Office Suites (e.g., Google Workspace, Microsoft 365, etc.). How have these shifts changed the threat landscape, and what sort of issues are we seeing with traditional security practices when it comes to securing these environments?
    • We know phishing and email attacks are common and critical to protect against, but what about challenges around visibility of accounts/activity, sensitive data, and secure configurations and posture?
    • Getting more specific to Material, can you help us understand how you all approach this problem space from a platform and offering perspective? What are some key features and abilities Material Security customers utilize to secure their cloud office suite environments, and what threats do they help against?
    • What are some key differentiators for Material compared to some of the other vendors working on this problem, or even how do you all differ from some of the native security capabilities of environments such as M365 or Google Workspace?
    • This space continues to evolve, both in terms of the cloud workspace environments and their usage by organizations and the relevant threats. How is Material preparing for these changes, whether it's the widespread adoption of AI, increased complexity, and so on?
    • It's always great to hear some first-hand use cases and applications. Can you share some examples where Material Security has found success with specific customers and users of the solution?
    • We've covered everything from the pitfalls and shortcomings of traditional security approaches to cloud office suites to where the market is headed. Where can folks learn more about Material, and what should we keep an eye out for next?
    20 mins