Why choose Panoptica?
Four reasons you need the industry’s leading cloud-native security solution.
It was wonderful getting the cloud security community together in New York City last Thursday. We were so thankful to have Brian Lozada, CISO Prime Video & Studios at Amazon join us for a brief Q&A with Panoptica CEO and Cofounder, Vladi Sandler.
Here’s a quick recap on the discussion. A common theme to winning together: SecOps working seamlessly with DevOps. Let’s dive in…
Auto remediation depends on developers. The less moving parts, the better. Brian notes there is opportunity here but must be approached with caution and done together hand in hand with developers. While it has the potential to save time and improve the efficiency of security operations, it can also be risky and cause more headaches for your DevOps teams if not implemented carefully. Read more about the Dangers of Corrective Auto Remediation in Your Public Cloud.
Talent: How you can scale security when engineering responsibility is owned by a CIO or CTO organization? What skills are necessary for success on a DevSecOps team?
First is recognizing there currently isn’t enough talent. Brian notes “Security has negative unemployment”.
Leaders should assess, “How can your talent be successful in your environment?” And the key things is developer behavior and preferred practices. Security has to understand the developer pipeline and work streams. Make deposits, before you make withdrawals. Invest in getting an intimate understanding of them and their work. Then you can collaborate and advise on how security can be a part of that.
Security must ENABLE, Brian says. Hire or train folks to think in a problem solving approach. At Amazon, he tells his team to be engineers first, then bring in security into that mindset.
It goes back to their workflow. Especially in big organizations, bring everything back to their comfort level within the CI/CD pipeline. Since every team has their own pipeline, it is security’s role to educate themselves. Security has to understand first and then take action.
Become a value add. Devs DO NOT want to be slowed down. You’ll get stiff armed. Make it as easy as possible. Make it conceivable for developers … they need to consume it, Brian says.
It was great to bring 50 cloud security engineers and partners together for celebrations and learning for our second New York City cloud security meetup. We are so thankful for Brian for sharing his thoughts and can’t wait to do it again soon.