
What's in the SOSS? An OpenSSF Podcast
What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure.
Get a taste of all the ingredients that make up secure open source software (SOSS) and explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments.
Each episode of What's in the SOSS? is packed with valuable insight designed to foster collaboration and promote stronger security practices for the open source software community.
About Christopher Robinson (aka CRob), host
CRob is a 43rd level Dungeon Master and a 26th level Securityologist. He is a leader within several Open Source Security Foundation (OpenSSF) efforts and is a frequent speaker on cyber, application, and open source security. He enjoys hats, herding cats, and moonlit walks on the beach.
GitHub’s Mike Hanley and Transforming the “Dept. of No” Into the “Dept. of Yes, And…”
In this episode, Omkhar chats with Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions.
After Duo’s acquisition by Cisco for $2.35 billion in 2018, Mike led the transformation of Cisco’s cloud security framework and later served as CISO for the company. Mike also spent several years at CERT/CC as a Senior Member of the Technical Staff and security researcher focused on applied R&D programs for the US Department of Defense and the Intelligence Community.
When he’s not talking about security at GitHub, Mike can be found enjoying Ann Arbor, MI with his wife and nine kids.
- 01:21 Mike shares insight into transporting a family of 11
- 02:02 Mike’s day-to-day at GitHub
- 03:53 Advice on communicating supply chain risk
- 08:19 Transforming the “Department of No” into the “Department of Yes And…”
- 12:44 AI’s potential impact on secure open source software and, specifically, on software supply chains
- 18:02 Mike answers Omkhar’s rapid-fire questions
- 19:26 Advice Mike would give to aspiring security or software professionals
- 20:38 Mike’s call to action for listeners
Links