{"version":"1.0.0","segments":[{"speaker":"Unknown","startTime":4.019,"endTime":7.739,"body":"From our headquarters"},{"speaker":"Unknown","startTime":4.019,"endTime":7.739,"body":"in Oslo, Norway, and on behalf"},{"speaker":"Unknown","startTime":7.739,"endTime":9.869,"body":"of our host Robby Peralta."},{"speaker":"Unknown","startTime":11.01,"endTime":13.8,"body":"Welcome to the mnemonic security"},{"speaker":"Unknown","startTime":11.01,"endTime":13.8,"body":"podcast."},{"speaker":"Robby Peralta","startTime":15.07,"endTime":18.07,"body":"Imagine a world"},{"speaker":"Robby Peralta","startTime":15.07,"endTime":18.07,"body":"without software, let it sink in"},{"speaker":"Robby Peralta","startTime":18.07,"endTime":20.29,"body":"a bit, and you'll probably"},{"speaker":"Robby Peralta","startTime":18.07,"endTime":20.29,"body":"conclude that the world is"},{"speaker":"Robby Peralta","startTime":20.29,"endTime":23.68,"body":"definitely a better place with"},{"speaker":"Robby Peralta","startTime":20.29,"endTime":23.68,"body":"it. Now think about software"},{"speaker":"Robby Peralta","startTime":23.68,"endTime":27.49,"body":"again, but software without"},{"speaker":"Robby Peralta","startTime":23.68,"endTime":27.49,"body":"vulnerabilities, let it sink in"},{"speaker":"Robby Peralta","startTime":27.49,"endTime":29.74,"body":"a bit. And they'll probably"},{"speaker":"Robby Peralta","startTime":27.49,"endTime":29.74,"body":"conclude that the world is"},{"speaker":"Robby Peralta","startTime":29.74,"endTime":31.81,"body":"definitely a better place"},{"speaker":"Robby Peralta","startTime":29.74,"endTime":31.81,"body":"without software"},{"speaker":"Robby Peralta","startTime":31.81,"endTime":34.96,"body":"vulnerabilities. 
That being"},{"speaker":"Robby Peralta","startTime":31.81,"endTime":34.96,"body":"said, you wouldn't be listening"},{"speaker":"Robby Peralta","startTime":34.96,"endTime":37.66,"body":"to this podcast and you probably"},{"speaker":"Robby Peralta","startTime":34.96,"endTime":37.66,"body":"wouldn't have a job within"},{"speaker":"Robby Peralta","startTime":37.66,"endTime":40.87,"body":"cybersecurity. By now, I think"},{"speaker":"Robby Peralta","startTime":37.66,"endTime":40.87,"body":"we've all understood that"},{"speaker":"Robby Peralta","startTime":40.87,"endTime":44.32,"body":"software security is complex,"},{"speaker":"Robby Peralta","startTime":40.87,"endTime":44.32,"body":"and concepts such as DevOps are"},{"speaker":"Robby Peralta","startTime":44.32,"endTime":46.78,"body":"influencing its popularity"},{"speaker":"Robby Peralta","startTime":44.32,"endTime":46.78,"body":"within the infosec world."},{"speaker":"Robby Peralta","startTime":47.38,"endTime":49.75,"body":"Therefore, I'd thought I'd bring"},{"speaker":"Robby Peralta","startTime":47.38,"endTime":49.75,"body":"on a veteran to the software"},{"speaker":"Robby Peralta","startTime":49.75,"endTime":52.99,"body":"security game, who has spent his"},{"speaker":"Robby Peralta","startTime":49.75,"endTime":52.99,"body":"entire professional career and"},{"speaker":"Robby Peralta","startTime":52.99,"endTime":56.59,"body":"life focusing on the matter."},{"speaker":"Robby Peralta","startTime":52.99,"endTime":56.59,"body":"Nick Murison, welcome to the"},{"speaker":"Robby Peralta","startTime":56.59,"endTime":57.16,"body":"podcast."},{"speaker":"Nick Murison","startTime":57.539,"endTime":58.409,"body":"Thanks for having"},{"speaker":"Nick Murison","startTime":57.539,"endTime":58.409,"body":"me,"},{"speaker":"Robby Peralta","startTime":58.0,"endTime":62.11,"body":"So the background"},{"speaker":"Robby Peralta","startTime":58.0,"endTime":62.11,"body":"of this chat! 
We had a kickoff"},{"speaker":"Robby Peralta","startTime":62.11,"endTime":65.35,"body":"for a customer of mine recently,"},{"speaker":"Robby Peralta","startTime":62.11,"endTime":65.35,"body":"which included a CISO trying to"},{"speaker":"Robby Peralta","startTime":65.35,"endTime":69.1,"body":"introduce security into their"},{"speaker":"Robby Peralta","startTime":65.35,"endTime":69.1,"body":"development lifecycle. And this"},{"speaker":"Robby Peralta","startTime":69.1,"endTime":72.58,"body":"is the smart CISO so so he was"},{"speaker":"Robby Peralta","startTime":69.1,"endTime":72.58,"body":"aware not to force anything on"},{"speaker":"Robby Peralta","startTime":72.58,"endTime":75.91,"body":"to his developers. So we"},{"speaker":"Robby Peralta","startTime":72.58,"endTime":75.91,"body":"basically invited everyone to a"},{"speaker":"Robby Peralta","startTime":75.91,"endTime":78.97,"body":"secure coding workshop to"},{"speaker":"Robby Peralta","startTime":75.91,"endTime":78.97,"body":"introduce the idea of security"},{"speaker":"Robby Peralta","startTime":78.97,"endTime":83.2,"body":"in a fun way without being so"},{"speaker":"Robby Peralta","startTime":78.97,"endTime":83.2,"body":"very intrusive. And long story"},{"speaker":"Robby Peralta","startTime":83.2,"endTime":85.63,"body":"short, that worked out great. It"},{"speaker":"Robby Peralta","startTime":83.2,"endTime":85.63,"body":"was an inspiration for the"},{"speaker":"Robby Peralta","startTime":85.63,"endTime":88.87,"body":"episode, and the colleague that"},{"speaker":"Robby Peralta","startTime":85.63,"endTime":88.87,"body":"I was with for that workshop, he"},{"speaker":"Robby Peralta","startTime":88.87,"endTime":90.91,"body":"said that you are the man to"},{"speaker":"Robby Peralta","startTime":88.87,"endTime":90.91,"body":"talk to you about software"},{"speaker":"Robby Peralta","startTime":90.91,"endTime":95.44,"body":"security. 
And voila, you're here"},{"speaker":"Robby Peralta","startTime":90.91,"endTime":95.44,"body":"today via the recommendation of"},{"speaker":"Robby Peralta","startTime":95.44,"endTime":98.62,"body":"my trusted advisor for software"},{"speaker":"Robby Peralta","startTime":95.44,"endTime":98.62,"body":"security. So congratulations!"},{"speaker":"Nick Murison","startTime":98.77,"endTime":100.18,"body":"Well, thank you."},{"speaker":"Nick Murison","startTime":98.77,"endTime":100.18,"body":"I'm honored!"},{"speaker":"Robby Peralta","startTime":100.18,"endTime":101.89,"body":"Well I don't know"},{"speaker":"Robby Peralta","startTime":100.18,"endTime":101.89,"body":"if I should say"},{"speaker":"Robby Peralta","startTime":101.89,"endTime":104.26,"body":"\"congratulations\". But yeah,"},{"speaker":"Robby Peralta","startTime":101.89,"endTime":104.26,"body":"honored at least cuz he's a he's"},{"speaker":"Robby Peralta","startTime":104.26,"endTime":105.46,"body":"a pretty respected guy."},{"speaker":"Nick Murison","startTime":105.51,"endTime":106.5,"body":"He is definitely."},{"speaker":"Robby Peralta","startTime":106.89,"endTime":109.89,"body":"So I'm here to"},{"speaker":"Robby Peralta","startTime":106.89,"endTime":109.89,"body":"pick your brain about security"},{"speaker":"Robby Peralta","startTime":110.55,"endTime":113.52,"body":"within the development"},{"speaker":"Robby Peralta","startTime":110.55,"endTime":113.52,"body":"lifecycle. Does that sound about"},{"speaker":"Robby Peralta","startTime":113.52,"endTime":115.05,"body":"right? Yeah, I have an opinion"},{"speaker":"Robby Peralta","startTime":113.52,"endTime":115.05,"body":"about?"},{"speaker":"Nick Murison","startTime":115.14,"endTime":116.85,"body":"Absolutely. 
I've"},{"speaker":"Nick Murison","startTime":115.14,"endTime":116.85,"body":"got I've got a couple of"},{"speaker":"Nick Murison","startTime":116.85,"endTime":117.36,"body":"thoughts."},{"speaker":"Robby Peralta","startTime":118.23,"endTime":120.33,"body":"Cool. But before"},{"speaker":"Robby Peralta","startTime":118.23,"endTime":120.33,"body":"we jump into that....who are"},{"speaker":"Nick Murison","startTime":120.0,"endTime":124.77,"body":"Well, yeah, as you"},{"speaker":"Nick Murison","startTime":120.0,"endTime":124.77,"body":"said, my name is Nick Murison,"},{"speaker":"Nick Murison","startTime":120.33,"endTime":120.63,"body":"you?"},{"speaker":"Nick Murison","startTime":124.77,"endTime":130.47,"body":"and I've actually been doing"},{"speaker":"Nick Murison","startTime":124.77,"endTime":130.47,"body":"software security for the better"},{"speaker":"Nick Murison","startTime":130.47,"endTime":135.84,"body":"part of 15-16 years now. And as"},{"speaker":"Nick Murison","startTime":130.47,"endTime":135.84,"body":"any security consultant in the"},{"speaker":"Nick Murison","startTime":135.84,"endTime":141.42,"body":"mid 2000s, my main job was"},{"speaker":"Nick Murison","startTime":135.84,"endTime":141.42,"body":"penetration testing. So breaking"},{"speaker":"Nick Murison","startTime":141.42,"endTime":145.17,"body":"other people's stuff. And it was"},{"speaker":"Nick Murison","startTime":141.42,"endTime":145.17,"body":"really good fun, I had a lot of"},{"speaker":"Nick Murison","startTime":145.17,"endTime":149.82,"body":"fun, I broke some really"},{"speaker":"Nick Murison","startTime":145.17,"endTime":149.82,"body":"interesting systems, I learned a"},{"speaker":"Nick Murison","startTime":149.82,"endTime":153.63,"body":"lot. And so it's a bit like"},{"speaker":"Nick Murison","startTime":149.82,"endTime":153.63,"body":"solving puzzles. 
It's a"},{"speaker":"Nick Murison","startTime":153.63,"endTime":156.45,"body":"challenge, you got to get your"},{"speaker":"Nick Murison","startTime":153.63,"endTime":156.45,"body":"head into, you know, how the"},{"speaker":"Nick Murison","startTime":156.45,"endTime":158.67,"body":"developers were thinking when"},{"speaker":"Nick Murison","startTime":156.45,"endTime":158.67,"body":"they built something, and you've"},{"speaker":"Nick Murison","startTime":158.67,"endTime":161.94,"body":"got to figure out, Okay, what"},{"speaker":"Nick Murison","startTime":158.67,"endTime":161.94,"body":"didn't they think of. But the"},{"speaker":"Nick Murison","startTime":161.94,"endTime":166.65,"body":"one thing that kind of bugged me"},{"speaker":"Nick Murison","startTime":161.94,"endTime":166.65,"body":"was after having done"},{"speaker":"Nick Murison","startTime":162.42,"endTime":215.97,"body":"That happened a"},{"speaker":"Nick Murison","startTime":162.42,"endTime":215.97,"body":"couple times in this episode,"},{"speaker":"Nick Murison","startTime":166.65,"endTime":169.62,"body":"penetration testing for a few"},{"speaker":"Nick Murison","startTime":166.65,"endTime":169.62,"body":"years was essentially every"},{"speaker":"Nick Murison","startTime":169.62,"endTime":175.59,"body":"week was the same deal. I would"},{"speaker":"Nick Murison","startTime":169.62,"endTime":175.59,"body":"go in, I would start testing new"},{"speaker":"Nick Murison","startTime":175.59,"endTime":178.89,"body":"system or application or"},{"speaker":"Nick Murison","startTime":175.59,"endTime":178.89,"body":"whatever. And by the end of the"},{"speaker":"Nick Murison","startTime":178.89,"endTime":181.53,"body":"week, I'd written a report that"},{"speaker":"Nick Murison","startTime":178.89,"endTime":181.53,"body":"essentially told the developers,"},{"speaker":"Nick Murison","startTime":181.8,"endTime":190.8,"body":"their baby is ugly. 
And that"},{"speaker":"Nick Murison","startTime":181.8,"endTime":190.8,"body":"they got a bit tiring after a while"},{"speaker":"Nick Murison","startTime":190.8,"endTime":195.15,"body":", it got boring. And so I"},{"speaker":"Nick Murison","startTime":190.8,"endTime":195.15,"body":"started thinking about how do we"},{"speaker":"Nick Murison","startTime":195.15,"endTime":197.28,"body":"actually fix these problems?"},{"speaker":"Nick Murison","startTime":195.15,"endTime":197.28,"body":"You know, it's easy to find them,"},{"speaker":"Nick Murison","startTime":197.28,"endTime":200.31,"body":"but it's harder to fix them."},{"speaker":"Nick Murison","startTime":197.28,"endTime":200.31,"body":"And the really hard challenge is"},{"speaker":"Nick Murison","startTime":200.31,"endTime":203.97,"body":"to prevent them from happening in"},{"speaker":"Nick Murison","startTime":200.31,"endTime":203.97,"body":"the first place. And so I got"},{"speaker":"Nick Murison","startTime":204.0,"endTime":206.31,"body":"involved in things like training"},{"speaker":"Nick Murison","startTime":204.0,"endTime":206.31,"body":"developers on how to secure"},{"speaker":"Nick Murison","startTime":206.31,"endTime":210.3,"body":"codely. 
Code securely."},{"speaker":"Nick Murison","startTime":215.97,"endTime":216.33,"body":"I'm sure."},{"speaker":"Nick Murison","startTime":217.44,"endTime":221.91,"body":"So I got into training"},{"speaker":"Nick Murison","startTime":217.44,"endTime":221.91,"body":"developers to code securely, I"},{"speaker":"Nick Murison","startTime":221.91,"endTime":225.72,"body":"started doing more kind of"},{"speaker":"Nick Murison","startTime":221.91,"endTime":225.72,"body":"secure code reviews, helping"},{"speaker":"Nick Murison","startTime":225.75,"endTime":229.02,"body":"people doing threat modeling,"},{"speaker":"Nick Murison","startTime":225.75,"endTime":229.02,"body":"and more kind of architectural"},{"speaker":"Nick Murison","startTime":229.02,"endTime":233.7,"body":"security reviews to try and sort"},{"speaker":"Nick Murison","startTime":229.02,"endTime":233.7,"body":"of catch big things earlier. Big"},{"speaker":"Nick Murison","startTime":233.7,"endTime":237.72,"body":"security issues earlier. And"},{"speaker":"Nick Murison","startTime":233.7,"endTime":237.72,"body":"then I kind of built my career"},{"speaker":"Nick Murison","startTime":237.72,"endTime":239.82,"body":"up to the point where I was"},{"speaker":"Nick Murison","startTime":237.72,"endTime":239.82,"body":"actually I ended up working for"},{"speaker":"Nick Murison","startTime":239.82,"endTime":242.85,"body":"a company called Cigital. And if"},{"speaker":"Nick Murison","startTime":239.82,"endTime":242.85,"body":"you haven't heard of Cigital"},{"speaker":"Nick Murison","startTime":242.85,"endTime":245.28,"body":"before, they don't exist"},{"speaker":"Nick Murison","startTime":242.85,"endTime":245.28,"body":"anymore. 
They got bought up by"},{"speaker":"Nick Murison","startTime":245.28,"endTime":250.53,"body":"another company, but they were"},{"speaker":"Nick Murison","startTime":245.28,"endTime":250.53,"body":"the they were the, the"},{"speaker":"Nick Murison","startTime":250.53,"endTime":254.58,"body":"originators of several sort of"},{"speaker":"Nick Murison","startTime":250.53,"endTime":254.58,"body":"modern software security"},{"speaker":"Nick Murison","startTime":254.58,"endTime":257.28,"body":"concepts, including one thing"},{"speaker":"Nick Murison","startTime":254.58,"endTime":257.28,"body":"called the Building Security In"},{"speaker":"Nick Murison","startTime":257.31,"endTime":261.48,"body":"Maturity Model. And it's a model"},{"speaker":"Nick Murison","startTime":257.31,"endTime":261.48,"body":"that essentially tries to"},{"speaker":"Nick Murison","startTime":261.48,"endTime":265.8,"body":"describe what a company's in"},{"speaker":"Nick Murison","startTime":261.48,"endTime":265.8,"body":"real life doing, as part of the"},{"speaker":"Nick Murison","startTime":265.8,"endTime":269.31,"body":"software security programs,"},{"speaker":"Nick Murison","startTime":265.8,"endTime":269.31,"body":"initiatives, and I ended up"},{"speaker":"Nick Murison","startTime":269.31,"endTime":273.03,"body":"being one of the, shall we say,"},{"speaker":"Nick Murison","startTime":269.31,"endTime":273.03,"body":"assessors for that. 
So I got to"},{"speaker":"Nick Murison","startTime":273.03,"endTime":275.88,"body":"run around the world and an"},{"speaker":"Nick Murison","startTime":273.03,"endTime":275.88,"body":"interview developers and"},{"speaker":"Nick Murison","startTime":275.88,"endTime":278.37,"body":"security people or companies all"},{"speaker":"Nick Murison","startTime":275.88,"endTime":278.37,"body":"over the world and essentially"},{"speaker":"Nick Murison","startTime":278.37,"endTime":281.91,"body":"ask them what do you do as a"},{"speaker":"Nick Murison","startTime":278.37,"endTime":281.91,"body":"part of your security program,"},{"speaker":"Nick Murison","startTime":282.45,"endTime":285.21,"body":"and then help them based on what"},{"speaker":"Nick Murison","startTime":282.45,"endTime":285.21,"body":"they were doing and sort of give"},{"speaker":"Nick Murison","startTime":285.21,"endTime":288.48,"body":"them recommendations on what"},{"speaker":"Nick Murison","startTime":285.21,"endTime":288.48,"body":"they could you be doing next?"},{"speaker":"Nick Murison","startTime":289.71,"endTime":293.97,"body":"And so that's how I've spent the"},{"speaker":"Nick Murison","startTime":289.71,"endTime":293.97,"body":"past few years now I work for a"},{"speaker":"Nick Murison","startTime":293.97,"endTime":297.69,"body":"company in Norway called Miles,"},{"speaker":"Nick Murison","startTime":293.97,"endTime":297.69,"body":"which is a software consulting"},{"speaker":"Nick Murison","startTime":297.9,"endTime":302.4,"body":"company. They wanted to focus"},{"speaker":"Nick Murison","startTime":297.9,"endTime":302.4,"body":"more on security. 
And I think"},{"speaker":"Nick Murison","startTime":302.4,"endTime":305.1,"body":"it's a kind of a sweet spot"},{"speaker":"Nick Murison","startTime":302.4,"endTime":305.1,"body":"because - one of the things I've"},{"speaker":"Nick Murison","startTime":305.1,"endTime":309.81,"body":"learned is, it's really hard to"},{"speaker":"Nick Murison","startTime":305.1,"endTime":309.81,"body":"teach security people how to"},{"speaker":"Nick Murison","startTime":309.81,"endTime":315.36,"body":"speak to developers. It's a lot"},{"speaker":"Nick Murison","startTime":309.81,"endTime":315.36,"body":"easier to take developers and"},{"speaker":"Nick Murison","startTime":315.36,"endTime":318.69,"body":"teach them security concepts,"},{"speaker":"Nick Murison","startTime":315.36,"endTime":318.69,"body":"and have them essentially be the"},{"speaker":"Nick Murison","startTime":318.69,"endTime":321.48,"body":"security champions. So it kind"},{"speaker":"Nick Murison","startTime":318.69,"endTime":321.48,"body":"of like what you guys were doing"},{"speaker":"Nick Murison","startTime":321.51,"endTime":324.99,"body":"with your customer recently,"},{"speaker":"Nick Murison","startTime":321.51,"endTime":324.99,"body":"where you essentially turned a"},{"speaker":"Nick Murison","startTime":324.99,"endTime":332.19,"body":"bunch of innocent developers"},{"speaker":"Nick Murison","startTime":324.99,"endTime":332.19,"body":"into, you know, evil hackers who"},{"speaker":"Nick Murison","startTime":332.52,"endTime":335.76,"body":"are looking at everything. 
But"},{"speaker":"Nick Murison","startTime":332.52,"endTime":335.76,"body":"every app that they use, and go,"},{"speaker":"Nick Murison","startTime":335.76,"endTime":339.72,"body":"how can I make this thing, and"},{"speaker":"Nick Murison","startTime":335.76,"endTime":339.72,"body":"it's really good fun to see that"},{"speaker":"Nick Murison","startTime":340.92,"endTime":344.22,"body":"change in the mindset and also"},{"speaker":"Nick Murison","startTime":340.92,"endTime":344.22,"body":"to see them be able to take the"},{"speaker":"Nick Murison","startTime":344.22,"endTime":347.19,"body":"message out to the rest of the"},{"speaker":"Nick Murison","startTime":344.22,"endTime":347.19,"body":"organization and help everyone"},{"speaker":"Nick Murison","startTime":347.19,"endTime":348.45,"body":"become more aware of security."},{"speaker":"Robby Peralta","startTime":351.18,"endTime":353.55,"body":"Those developers"},{"speaker":"Robby Peralta","startTime":351.18,"endTime":353.55,"body":"at the end of that little"},{"speaker":"Robby Peralta","startTime":353.55,"endTime":355.98,"body":"workshop, which was like a"},{"speaker":"Robby Peralta","startTime":353.55,"endTime":355.98,"body":"tournament. At the end of the"},{"speaker":"Robby Peralta","startTime":355.98,"endTime":358.11,"body":"workshop, they were going into"},{"speaker":"Robby Peralta","startTime":355.98,"endTime":358.11,"body":"their ticketing systems and make"},{"speaker":"Robby Peralta","startTime":358.11,"endTime":360.45,"body":"giving them themselves work"},{"speaker":"Robby Peralta","startTime":358.11,"endTime":360.45,"body":"because they wanted to improve"},{"speaker":"Robby Peralta","startTime":360.45,"endTime":362.73,"body":"their own code. And that was"},{"speaker":"Robby Peralta","startTime":360.45,"endTime":362.73,"body":"that without anybody telling"},{"speaker":"Robby Peralta","startTime":362.73,"endTime":366.93,"body":"them to do so. 
So there, yeah,"},{"speaker":"Robby Peralta","startTime":362.73,"endTime":366.93,"body":"they want their software to be"},{"speaker":"Robby Peralta","startTime":366.93,"endTime":371.7,"body":"as good as possible. So that's"},{"speaker":"Robby Peralta","startTime":366.93,"endTime":371.7,"body":"one thing I noticed. In your"},{"speaker":"Robby Peralta","startTime":372.78,"endTime":376.2,"body":"experience over these past 15"},{"speaker":"Robby Peralta","startTime":372.78,"endTime":376.2,"body":"years? What's actually important"},{"speaker":"Robby Peralta","startTime":376.2,"endTime":379.89,"body":"for developers, and why is that"},{"speaker":"Robby Peralta","startTime":376.2,"endTime":379.89,"body":"relevant for security people to"},{"speaker":"Robby Peralta","startTime":379.89,"endTime":380.58,"body":"understand?"},{"speaker":"Nick Murison","startTime":381.41,"endTime":386.06,"body":"So if I were to"},{"speaker":"Nick Murison","startTime":381.41,"endTime":386.06,"body":"sum it up in, in two words, it's"},{"speaker":"Nick Murison","startTime":386.09,"endTime":391.13,"body":"feature velocity, which is a,"},{"speaker":"Nick Murison","startTime":386.09,"endTime":391.13,"body":"which is a fancy way of saying"},{"speaker":"Nick Murison","startTime":392.03,"endTime":395.27,"body":"as a developer, you want to get"},{"speaker":"Nick Murison","startTime":392.03,"endTime":395.27,"body":"new features, new functionality,"},{"speaker":"Nick Murison","startTime":395.78,"endTime":397.91,"body":"that are going to be exciting to"},{"speaker":"Nick Murison","startTime":395.78,"endTime":397.91,"body":"the customers exciting to the"},{"speaker":"Nick Murison","startTime":397.91,"endTime":400.94,"body":"users that are going to give the"},{"speaker":"Nick Murison","startTime":397.91,"endTime":400.94,"body":"users and customers more value"},{"speaker":"Nick Murison","startTime":401.33,"endTime":406.16,"body":"out of the app on the system."},{"speaker":"Nick 
Murison","startTime":401.33,"endTime":406.16,"body":"You want to do that quickly, and"},{"speaker":"Nick Murison","startTime":406.19,"endTime":411.41,"body":"preferably quicker than your"},{"speaker":"Nick Murison","startTime":406.19,"endTime":411.41,"body":"competition. And so your main"},{"speaker":"Nick Murison","startTime":411.41,"endTime":415.94,"body":"focus is how do we make this?"},{"speaker":"Nick Murison","startTime":411.41,"endTime":415.94,"body":"How do we make changes quickly?"},{"speaker":"Nick Murison","startTime":416.6,"endTime":419.27,"body":"How do we make updates quickly?"},{"speaker":"Nick Murison","startTime":416.6,"endTime":419.27,"body":"How do we add new things"},{"speaker":"Nick Murison","startTime":419.27,"endTime":423.14,"body":"quickly? And that's going to be"},{"speaker":"Nick Murison","startTime":419.27,"endTime":423.14,"body":"my main focus, and anything that"},{"speaker":"Nick Murison","startTime":423.14,"endTime":431.54,"body":"kind of hints that or suggests"},{"speaker":"Nick Murison","startTime":423.14,"endTime":431.54,"body":"that they need to slow down is"},{"speaker":"Nick Murison","startTime":431.54,"endTime":435.38,"body":"going to be not necessarily a"},{"speaker":"Nick Murison","startTime":431.54,"endTime":435.38,"body":"nuisance, but it's going to"},{"speaker":"Nick Murison","startTime":435.38,"endTime":442.25,"body":"cause friction, and eyebrows"},{"speaker":"Nick Murison","startTime":435.38,"endTime":442.25,"body":"will go up. 
And especially if"},{"speaker":"Nick Murison","startTime":442.25,"endTime":446.27,"body":"you're developer with a tight"},{"speaker":"Nick Murison","startTime":442.25,"endTime":446.27,"body":"timeline or deadline, you've got"},{"speaker":"Nick Murison","startTime":446.27,"endTime":450.65,"body":"until Friday to get this new"},{"speaker":"Nick Murison","startTime":446.27,"endTime":450.65,"body":"whiz bang thing and your iPhone"},{"speaker":"Nick Murison","startTime":450.65,"endTime":453.23,"body":"app to work. And someone's come"},{"speaker":"Nick Murison","startTime":450.65,"endTime":453.23,"body":"along and said, Can you fix"},{"speaker":"Nick Murison","startTime":453.23,"endTime":457.07,"body":"these 20 security bugs? You"},{"speaker":"Nick Murison","startTime":453.23,"endTime":457.07,"body":"can't do both. So you got to"},{"speaker":"Nick Murison","startTime":457.07,"endTime":457.79,"body":"prioritize."},{"speaker":"Robby Peralta","startTime":459.23,"endTime":461.0,"body":"And they want to"},{"speaker":"Robby Peralta","startTime":459.23,"endTime":461.0,"body":"go fast..Is that like a self"},{"speaker":"Robby Peralta","startTime":461.0,"endTime":463.46,"body":"motivated thing? Or is that"},{"speaker":"Robby Peralta","startTime":461.0,"endTime":463.46,"body":"because like some sales guys are"},{"speaker":"Robby Peralta","startTime":463.82,"endTime":466.88,"body":"begging them to do so. Just out"},{"speaker":"Robby Peralta","startTime":463.82,"endTime":466.88,"body":"of your experience."},{"speaker":"Nick Murison","startTime":468.04,"endTime":470.23,"body":"My experience is"},{"speaker":"Nick Murison","startTime":468.04,"endTime":470.23,"body":"definitely there's, there's"},{"speaker":"Nick Murison","startTime":470.23,"endTime":475.63,"body":"either sales or product"},{"speaker":"Nick Murison","startTime":470.23,"endTime":475.63,"body":"management or someone else kind"},{"speaker":"Nick Murison","startTime":475.63,"endTime":480.49,"body":"of applying that pressure. 
And a"},{"speaker":"Nick Murison","startTime":475.63,"endTime":480.49,"body":"lot of times it can be a"},{"speaker":"Nick Murison","startTime":480.49,"endTime":486.67,"body":"combination of needing to push"},{"speaker":"Nick Murison","startTime":480.49,"endTime":486.67,"body":"out new features quickly."},{"speaker":"Nick Murison","startTime":487.36,"endTime":491.14,"body":"Because sales told the customer"},{"speaker":"Nick Murison","startTime":487.36,"endTime":491.14,"body":"that sure we'll have it done by"},{"speaker":"Nick Murison","startTime":491.59,"endTime":494.62,"body":"end of the month, it will be"},{"speaker":"Nick Murison","startTime":491.59,"endTime":494.62,"body":"combination of that. And the"},{"speaker":"Nick Murison","startTime":494.62,"endTime":500.38,"body":"fact that, maybe you only have 4"},{"speaker":"Nick Murison","startTime":494.62,"endTime":500.38,"body":"developers on the team. And"},{"speaker":"Nick Murison","startTime":500.41,"endTime":505.42,"body":"that's actually 3 developers too"},{"speaker":"Nick Murison","startTime":500.41,"endTime":505.42,"body":"few for what you're trying to"},{"speaker":"Nick Murison","startTime":505.42,"endTime":510.13,"body":"achieve based on your budget"},{"speaker":"Nick Murison","startTime":505.42,"endTime":510.13,"body":"backlog. But you live with it."},{"speaker":"Nick Murison","startTime":510.76,"endTime":513.88,"body":"And so do the best you can."},{"speaker":"Nick Murison","startTime":510.76,"endTime":513.88,"body":"Yeah, but the pressure is there,"},{"speaker":"Nick Murison","startTime":513.88,"endTime":514.3,"body":"definitely."},{"speaker":"Robby Peralta","startTime":515.82,"endTime":519.33,"body":"So what about for"},{"speaker":"Robby Peralta","startTime":515.82,"endTime":519.33,"body":"security people? What's it"},{"speaker":"Robby Peralta","startTime":519.33,"endTime":521.7,"body":"what's important for security"},{"speaker":"Robby Peralta","startTime":519.33,"endTime":521.7,"body":"people? 
And why is that relevant"},{"speaker":"Robby Peralta","startTime":521.7,"endTime":523.77,"body":"for developers to understand?"},{"speaker":"Nick Murison","startTime":524.26,"endTime":526.42,"body":"essentially, that"},{"speaker":"Nick Murison","startTime":524.26,"endTime":526.42,"body":"chief responsibility is to"},{"speaker":"Nick Murison","startTime":526.45,"endTime":533.2,"body":"reduce and manage risk, security"},{"speaker":"Nick Murison","startTime":526.45,"endTime":533.2,"body":"risk. So the easiest way to do"},{"speaker":"Nick Murison","startTime":533.2,"endTime":535.21,"body":"that is for nothing to change."},{"speaker":"Nick Murison","startTime":536.2,"endTime":542.65,"body":"If the app doesn't change, if"},{"speaker":"Nick Murison","startTime":536.2,"endTime":542.65,"body":"there are no new features, then"},{"speaker":"Nick Murison","startTime":542.68,"endTime":545.98,"body":"security can sit there and"},{"speaker":"Nick Murison","startTime":542.68,"endTime":545.98,"body":"essentially work to reduce the"},{"speaker":"Nick Murison","startTime":546.25,"endTime":550.24,"body":"risk that we already have. And"},{"speaker":"Nick Murison","startTime":546.25,"endTime":550.24,"body":"then but every time you add a"},{"speaker":"Nick Murison","startTime":550.24,"endTime":553.36,"body":"new feature, or change"},{"speaker":"Nick Murison","startTime":550.24,"endTime":553.36,"body":"something, that's that's a new"},{"speaker":"Nick Murison","startTime":553.36,"endTime":556.87,"body":"thing that needs to be assessed"},{"speaker":"Nick Murison","startTime":553.36,"endTime":556.87,"body":"as a new potential risk that"},{"speaker":"Nick Murison","startTime":556.9,"endTime":560.89,"body":"that's introduced. 
And so"},{"speaker":"Nick Murison","startTime":556.9,"endTime":560.89,"body":"security and development are"},{"speaker":"Nick Murison","startTime":561.37,"endTime":566.17,"body":"both working for the best of the"},{"speaker":"Nick Murison","startTime":561.37,"endTime":566.17,"body":"company or the organization."},{"speaker":"Nick Murison","startTime":566.2,"endTime":569.2,"body":"They're both trying to do the"},{"speaker":"Nick Murison","startTime":566.2,"endTime":569.2,"body":"right thing for the"},{"speaker":"Nick Murison","startTime":569.2,"endTime":573.4,"body":"organization. But they're kind"},{"speaker":"Nick Murison","startTime":569.2,"endTime":573.4,"body":"of sub-priorities. The"},{"speaker":"Nick Murison","startTime":573.4,"endTime":576.76,"body":"individual priorities look like"},{"speaker":"Nick Murison","startTime":573.4,"endTime":576.76,"body":"they can be conflicting a lot of"},{"speaker":"Nick Murison","startTime":576.76,"endTime":577.24,"body":"time."},{"speaker":"Robby Peralta","startTime":577.66,"endTime":578.83,"body":"But like you"},{"speaker":"Robby Peralta","startTime":577.66,"endTime":578.83,"body":"said, they're all they're all"},{"speaker":"Robby Peralta","startTime":578.83,"endTime":581.41,"body":"going in the right direction. So"},{"speaker":"Robby Peralta","startTime":578.83,"endTime":581.41,"body":"I guess it's part of this"},{"speaker":"Robby Peralta","startTime":581.41,"endTime":583.48,"body":"podcast. We're trying to get"},{"speaker":"Robby Peralta","startTime":581.41,"endTime":583.48,"body":"them to understand that right?"},{"speaker":"Robby Peralta","startTime":584.32,"endTime":588.37,"body":"But by the way, do you think"},{"speaker":"Robby Peralta","startTime":584.32,"endTime":588.37,"body":"secure code means better code?"},{"speaker":"Nick Murison","startTime":591.87,"endTime":596.28,"body":"Unless it's a"},{"speaker":"Nick Murison","startTime":591.87,"endTime":596.28,"body":"trick question, yes. 
Some people"},{"speaker":"Nick Murison","startTime":596.28,"endTime":603.45,"body":"might consider security to be"},{"speaker":"Nick Murison","startTime":596.28,"endTime":603.45,"body":"kind of like a sub part of"},{"speaker":"Nick Murison","startTime":603.45,"endTime":609.9,"body":"quality. Any security bug or any"},{"speaker":"Nick Murison","startTime":603.45,"endTime":609.9,"body":"security flaw. And I can talk a"},{"speaker":"Nick Murison","startTime":609.9,"endTime":612.66,"body":"bit about what the differences"},{"speaker":"Nick Murison","startTime":609.9,"endTime":612.66,"body":"are there if you want. But any"},{"speaker":"Nick Murison","startTime":612.66,"endTime":616.83,"body":"kind of security weakness is"},{"speaker":"Nick Murison","startTime":612.66,"endTime":616.83,"body":"essentially a quality issue as"},{"speaker":"Nick Murison","startTime":616.83,"endTime":619.86,"body":"well, because it's the"},{"speaker":"Nick Murison","startTime":616.83,"endTime":619.86,"body":"application not responding or"},{"speaker":"Nick Murison","startTime":619.86,"endTime":626.52,"body":"the system not responding"},{"speaker":"Nick Murison","startTime":619.86,"endTime":626.52,"body":"correctly, when provided with"},{"speaker":"Nick Murison","startTime":626.52,"endTime":631.5,"body":"some sort of input or some some"},{"speaker":"Nick Murison","startTime":626.52,"endTime":631.5,"body":"activity. And so it could be as"},{"speaker":"Nick Murison","startTime":631.5,"endTime":635.25,"body":"simple as you know, if I enter a"},{"speaker":"Nick Murison","startTime":631.5,"endTime":635.25,"body":"negative price in a, in a"},{"speaker":"Nick Murison","startTime":635.25,"endTime":638.49,"body":"shopping cart, you know, that's"},{"speaker":"Nick Murison","startTime":635.25,"endTime":638.49,"body":"both a quality bug and a"},{"speaker":"Nick Murison","startTime":638.49,"endTime":642.69,"body":"security bug. 
If it lets me do"},{"speaker":"Nick Murison","startTime":638.49,"endTime":642.69,"body":"that, you know, quality wise,"},{"speaker":"Nick Murison","startTime":642.69,"endTime":644.88,"body":"you know, you should be checking"},{"speaker":"Nick Murison","startTime":642.69,"endTime":644.88,"body":"that it's the right, you know,"},{"speaker":"Nick Murison","startTime":644.91,"endTime":647.16,"body":"integer and stuff like that. And"},{"speaker":"Nick Murison","startTime":644.91,"endTime":647.16,"body":"from a security point of view,"},{"speaker":"Nick Murison","startTime":647.88,"endTime":650.43,"body":"you know, you don't want your"},{"speaker":"Nick Murison","startTime":647.88,"endTime":650.43,"body":"customers essentially getting"},{"speaker":"Nick Murison","startTime":650.43,"endTime":654.0,"body":"paid to take your project or"},{"speaker":"Nick Murison","startTime":650.43,"endTime":654.0,"body":"products off your hands."},{"speaker":"Robby Peralta","startTime":654.87,"endTime":656.25,"body":"You must really"},{"speaker":"Robby Peralta","startTime":654.87,"endTime":656.25,"body":"love your customer. In that"},{"speaker":"Robby Peralta","startTime":656.25,"endTime":660.84,"body":"case, at least. Yeah. Hey, but"},{"speaker":"Robby Peralta","startTime":656.25,"endTime":660.84,"body":"you just mentioned the"},{"speaker":"Robby Peralta","startTime":660.84,"endTime":663.54,"body":"difference between a flaw and a"},{"speaker":"Robby Peralta","startTime":660.84,"endTime":663.54,"body":"bug if I understood you"},{"speaker":"Robby Peralta","startTime":663.54,"endTime":664.65,"body":"correctly. Go there!"},{"speaker":"Nick Murison","startTime":664.08,"endTime":667.62,"body":"Okay so it's,"},{"speaker":"Nick Murison","startTime":664.08,"endTime":667.62,"body":"perhaps a bit pedantic"},{"speaker":"Nick Murison","startTime":667.65,"endTime":671.82,"body":"terminology. 
But one of the"},{"speaker":"Nick Murison","startTime":667.65,"endTime":671.82,"body":"things that I like to"},{"speaker":"Nick Murison","startTime":671.82,"endTime":675.39,"body":"distinguish between is a bug and"},{"speaker":"Nick Murison","startTime":671.82,"endTime":675.39,"body":"a flaw. So a bug is essentially"},{"speaker":"Nick Murison","startTime":678.0,"endTime":681.33,"body":"when the developer makes a"},{"speaker":"Nick Murison","startTime":678.0,"endTime":681.33,"body":"mistake in the code. So for"},{"speaker":"Nick Murison","startTime":681.33,"endTime":686.16,"body":"example the developer intended"},{"speaker":"Nick Murison","startTime":681.33,"endTime":686.16,"body":"to compare two variables, but"},{"speaker":"Nick Murison","startTime":686.16,"endTime":690.96,"body":"instead they used the wrong kind"},{"speaker":"Nick Murison","startTime":686.16,"endTime":690.96,"body":"of syntax, and they ended up"},{"speaker":"Nick Murison","startTime":690.99,"endTime":694.5,"body":"actually setting one variable to"},{"speaker":"Nick Murison","startTime":690.99,"endTime":694.5,"body":"the value of the other one for"},{"speaker":"Nick Murison","startTime":694.5,"endTime":698.49,"body":"example. That's a bug. And then"},{"speaker":"Nick Murison","startTime":694.5,"endTime":698.49,"body":"that can manifest itself in in"},{"speaker":"Nick Murison","startTime":698.49,"endTime":703.8,"body":"various different ways, lots of"},{"speaker":"Nick Murison","startTime":698.49,"endTime":703.8,"body":"kind of injection attacks, take"},{"speaker":"Nick Murison","startTime":703.8,"endTime":708.09,"body":"advantage of that. 
While a flaw"},{"speaker":"Nick Murison","startTime":703.8,"endTime":708.09,"body":"is more like a design level"},{"speaker":"Nick Murison","startTime":708.09,"endTime":713.01,"body":"issue, so a flaw in a system"},{"speaker":"Nick Murison","startTime":708.09,"endTime":713.01,"body":"might be the fact that - nowhere"},{"speaker":"Nick Murison","startTime":709.66,"endTime":806.95,"body":"So if I understood you"},{"speaker":"Nick Murison","startTime":709.66,"endTime":806.95,"body":"correctly, security is usually a"},{"speaker":"Nick Murison","startTime":713.01,"endTime":716.31,"body":"in your architecture, did you"},{"speaker":"Nick Murison","startTime":713.01,"endTime":716.31,"body":"design in any kind of like"},{"speaker":"Nick Murison","startTime":716.37,"endTime":720.9,"body":"authorization logic, to say"},{"speaker":"Nick Murison","startTime":716.37,"endTime":720.9,"body":"okay, well, somewhere, someone"},{"speaker":"Nick Murison","startTime":720.9,"endTime":723.18,"body":"actually has to check that the"},{"speaker":"Nick Murison","startTime":720.9,"endTime":723.18,"body":"customer is allowed to do what"},{"speaker":"Nick Murison","startTime":723.18,"endTime":725.64,"body":"the customer is meant to do"},{"speaker":"Nick Murison","startTime":723.18,"endTime":725.64,"body":"that the customer is logged in"},{"speaker":"Nick Murison","startTime":725.7,"endTime":730.02,"body":"and is allowed to do this"},{"speaker":"Nick Murison","startTime":725.7,"endTime":730.02,"body":"action. 
And if there's a mi"},{"speaker":"Nick Murison","startTime":730.02,"endTime":732.45,"body":"ssing component, that's a des"},{"speaker":"Nick Murison","startTime":730.02,"endTime":732.45,"body":"ign flaw, essentially."},{"speaker":"Nick Murison","startTime":732.63,"endTime":738.03,"body":"And it seems to be about 50/"},{"speaker":"Nick Murison","startTime":732.63,"endTime":738.03,"body":"50 when you ask big companies"},{"speaker":"Nick Murison","startTime":738.12,"endTime":742.14,"body":", do you have more and more"},{"speaker":"Nick Murison","startTime":738.12,"endTime":742.14,"body":"bugs than flaws, they tend to be"},{"speaker":"Nick Murison","startTime":742.29,"endTime":744.72,"body":"about 50/50, a lot of times,"},{"speaker":"Nick Murison","startTime":742.29,"endTime":744.72,"body":"maybe a little bit more bugs."},{"speaker":"Nick Murison","startTime":744.72,"endTime":747.51,"body":"But the point of distinguis"},{"speaker":"Nick Murison","startTime":744.72,"endTime":747.51,"body":"hing between them is to make"},{"speaker":"Nick Murison","startTime":747.51,"endTime":751.29,"body":"the point that it's not just"},{"speaker":"Nick Murison","startTime":747.51,"endTime":751.29,"body":"developers writing code too fast"},{"speaker":"Nick Murison","startTime":751.29,"endTime":757.86,"body":"and missing something as they"},{"speaker":"Nick Murison","startTime":751.29,"endTime":757.86,"body":"write. It's also on the architectu"},{"speaker":"Nick Murison","startTime":757.86,"endTime":760.65,"body":"re level. If you're not th"},{"speaker":"Nick Murison","startTime":757.86,"endTime":760.65,"body":"inking about security upfront"},{"speaker":"Nick Murison","startTime":760.68,"endTime":763.2,"body":"as part of your design, you coul"},{"speaker":"Nick Murison","startTime":760.68,"endTime":763.2,"body":"d miss entire security compon"},{"speaker":"Nick Murison","startTime":763.2,"endTime":767.28,"body":"ents. 
Instead of trying to"},{"speaker":"Nick Murison","startTime":763.2,"endTime":767.28,"body":"attack your mobile app on an"},{"speaker":"Nick Murison","startTime":767.28,"endTime":771.12,"body":"iPhone and figure out how to steal"},{"speaker":"Nick Murison","startTime":767.28,"endTime":771.12,"body":"everyone else's data. Why don't"},{"speaker":"Nick Murison","startTime":771.12,"endTime":775.5,"body":"they just talk to your web bas"},{"speaker":"Nick Murison","startTime":771.12,"endTime":775.5,"body":"ed API that your mobile app talk"},{"speaker":"Nick Murison","startTime":775.5,"endTime":779.64,"body":"s to? And if you've forgotten"},{"speaker":"Nick Murison","startTime":775.5,"endTime":779.64,"body":"to put any kind of controls on"},{"speaker":"Nick Murison","startTime":779.64,"endTime":783.39,"body":"the API to say, okay, yes, we we"},{"speaker":"Nick Murison","startTime":779.64,"endTime":783.39,"body":"think we're only ever going to"},{"speaker":"Nick Murison","startTime":783.39,"endTime":787.71,"body":"talk to a mobile phone"},{"speaker":"Nick Murison","startTime":783.39,"endTime":787.71,"body":"app. But what if someone tries"},{"speaker":"Nick Murison","startTime":787.74,"endTime":792.18,"body":"to talk to us directly, we"},{"speaker":"Nick Murison","startTime":787.74,"endTime":792.18,"body":"need to authenticate them. Th"},{"speaker":"Nick Murison","startTime":792.18,"endTime":795.0,"body":"at would be more. And that's"},{"speaker":"Nick Murison","startTime":792.18,"endTime":795.0,"body":"a problem that we've seen a fe"},{"speaker":"Nick Murison","startTime":795.0,"endTime":796.83,"body":"w times."},{"speaker":"Nick Murison","startTime":807.52,"endTime":809.2,"body":"flaw. 
Not a bug."},{"speaker":"Nick Murison","startTime":812.14,"endTime":814.78,"body":"It can be, yeah, lack of"},{"speaker":"Nick Murison","startTime":812.14,"endTime":814.78,"body":"security components is"},{"speaker":"Nick Murison","startTime":814.78,"endTime":815.5,"body":"definitely a flaw."},{"speaker":"Robby Peralta","startTime":816.34,"endTime":818.77,"body":"Interesting. And"},{"speaker":"Robby Peralta","startTime":816.34,"endTime":818.77,"body":"now this is really random, but I"},{"speaker":"Robby Peralta","startTime":818.77,"endTime":822.28,"body":"can't help myself. So when every"},{"speaker":"Robby Peralta","startTime":818.77,"endTime":822.28,"body":"time that patch comes out for"},{"speaker":"Robby Peralta","startTime":822.28,"endTime":827.23,"body":"some security, is it a bug or a"},{"speaker":"Robby Peralta","startTime":822.28,"endTime":827.23,"body":"flaw? Whenever somebody patches"},{"speaker":"Robby Peralta","startTime":827.23,"endTime":829.36,"body":"something, and people go out and"},{"speaker":"Robby Peralta","startTime":827.23,"endTime":829.36,"body":"reverse engineer and figure out"},{"speaker":"Robby Peralta","startTime":829.36,"endTime":833.35,"body":"what to change? They can go do"},{"speaker":"Robby Peralta","startTime":829.36,"endTime":833.35,"body":"something wrong with it"},{"speaker":"Robby Peralta","startTime":833.38,"endTime":836.86,"body":"malicious with it. Are they are"},{"speaker":"Robby Peralta","startTime":833.38,"endTime":836.86,"body":"they taking advantage of bugs or"},{"speaker":"Robby Peralta","startTime":836.86,"endTime":837.73,"body":"flaws? 
Or both?"},{"speaker":"Nick Murison","startTime":838.06,"endTime":840.76,"body":"Both times,"},{"speaker":"Nick Murison","startTime":838.06,"endTime":840.76,"body":"basically, I mean, if you're"},{"speaker":"Nick Murison","startTime":840.76,"endTime":844.27,"body":"looking at things like, you"},{"speaker":"Nick Murison","startTime":840.76,"endTime":844.27,"body":"know, the patches that Microsoft"},{"speaker":"Nick Murison","startTime":844.27,"endTime":849.19,"body":"put out, it's usually a bug of"},{"speaker":"Nick Murison","startTime":844.27,"endTime":849.19,"body":"some sort, like it's. Well, no,"},{"speaker":"Nick Murison","startTime":849.4,"endTime":852.58,"body":"no, that's not necessarily true."},{"speaker":"Nick Murison","startTime":849.4,"endTime":852.58,"body":"A lot of times it's a bug"},{"speaker":"Nick Murison","startTime":852.58,"endTime":855.49,"body":"because you know, someone's made"},{"speaker":"Nick Murison","startTime":852.58,"endTime":855.49,"body":"a slight mistake someone"},{"speaker":"Nick Murison","startTime":855.7,"endTime":860.14,"body":"somewhere but other times it's"},{"speaker":"Nick Murison","startTime":855.7,"endTime":860.14,"body":"actually a flaw, because the"},{"speaker":"Nick Murison","startTime":860.14,"endTime":865.51,"body":"logic involved in some of these"},{"speaker":"Nick Murison","startTime":860.14,"endTime":865.51,"body":"components is just so complex,"},{"speaker":"Nick Murison","startTime":865.81,"endTime":872.98,"body":"that even an edge case and you"},{"speaker":"Nick Murison","startTime":865.81,"endTime":872.98,"body":"could argue that's a flaw. 
Zoom,"},{"speaker":"Nick Murison","startTime":872.98,"endTime":877.33,"body":"for example, had just to pick on"},{"speaker":"Nick Murison","startTime":872.98,"endTime":877.33,"body":"zoom, which, by the way, have"},{"speaker":"Nick Murison","startTime":877.33,"endTime":884.77,"body":"responded just fantastically, I"},{"speaker":"Nick Murison","startTime":877.33,"endTime":884.77,"body":"think. You know, they a lot of"},{"speaker":"Nick Murison","startTime":884.77,"endTime":887.44,"body":"their issues were flaws to start"},{"speaker":"Nick Murison","startTime":884.77,"endTime":887.44,"body":"off with because they were just"},{"speaker":"Nick Murison","startTime":887.5,"endTime":891.49,"body":"they were scenarios and"},{"speaker":"Nick Murison","startTime":887.5,"endTime":891.49,"body":"situations that they've never"},{"speaker":"Nick Murison","startTime":891.49,"endTime":892.09,"body":"thought of."},{"speaker":"Robby Peralta","startTime":892.84,"endTime":894.76,"body":"Yeah, and that"},{"speaker":"Robby Peralta","startTime":892.84,"endTime":894.76,"body":"they can't blame them that much"},{"speaker":"Robby Peralta","startTime":894.76,"endTime":898.87,"body":"for that right? I was just"},{"speaker":"Robby Peralta","startTime":894.76,"endTime":898.87,"body":"sitting there thinking like,"},{"speaker":"Robby Peralta","startTime":898.87,"endTime":901.75,"body":"okay, you mentioned Microsoft,"},{"speaker":"Robby Peralta","startTime":898.87,"endTime":901.75,"body":"right? They have probably"},{"speaker":"Robby Peralta","startTime":903.34,"endTime":907.21,"body":"thousands of developers out"},{"speaker":"Robby Peralta","startTime":903.34,"endTime":907.21,"body":"there. 
And so I would have"},{"speaker":"Robby Peralta","startTime":907.21,"endTime":909.28,"body":"thought that they'd get their"},{"speaker":"Robby Peralta","startTime":907.21,"endTime":909.28,"body":"architects, right, they would"},{"speaker":"Robby Peralta","startTime":909.28,"endTime":911.95,"body":"have thought about all these"},{"speaker":"Robby Peralta","startTime":909.28,"endTime":911.95,"body":"possible scenarios. So they're"},{"speaker":"Robby Peralta","startTime":911.95,"endTime":914.98,"body":"much more likely to do a bug"},{"speaker":"Robby Peralta","startTime":911.95,"endTime":914.98,"body":"than a flaw. But at the same"},{"speaker":"Robby Peralta","startTime":914.98,"endTime":918.64,"body":"time, this is such as complex"},{"speaker":"Robby Peralta","startTime":914.98,"endTime":918.64,"body":"environment, other products and"},{"speaker":"Robby Peralta","startTime":918.64,"endTime":920.95,"body":"how they interoperate with each"},{"speaker":"Robby Peralta","startTime":918.64,"endTime":920.95,"body":"other, that it's actually"},{"speaker":"Robby Peralta","startTime":921.58,"endTime":924.28,"body":"understandable if they if they"},{"speaker":"Robby Peralta","startTime":921.58,"endTime":924.28,"body":"forget to leave a piece out,"},{"speaker":"Robby Peralta","startTime":924.28,"endTime":926.47,"body":"because there's so many moving"},{"speaker":"Robby Peralta","startTime":924.28,"endTime":926.47,"body":"parts, and it's so complex."},{"speaker":"Nick Murison","startTime":926.51,"endTime":932.18,"body":"Exactly. 
I mean,"},{"speaker":"Nick Murison","startTime":926.51,"endTime":932.18,"body":"sometimes it's even the, you"},{"speaker":"Nick Murison","startTime":932.18,"endTime":936.5,"body":"know, if you're implementing a"},{"speaker":"Nick Murison","startTime":932.18,"endTime":936.5,"body":"standard of some sort, like,"},{"speaker":"Nick Murison","startTime":936.5,"endTime":939.47,"body":"let's say you're you're"},{"speaker":"Nick Murison","startTime":936.5,"endTime":939.47,"body":"implementing, don't get too"},{"speaker":"Nick Murison","startTime":939.47,"endTime":942.44,"body":"technical here. But like, let's"},{"speaker":"Nick Murison","startTime":939.47,"endTime":942.44,"body":"say you're implementing a TLS."},{"speaker":"Nick Murison","startTime":942.68,"endTime":946.4,"body":"You know, the thing that"},{"speaker":"Nick Murison","startTime":942.68,"endTime":946.4,"body":"basically encrypts all your HTTP"},{"speaker":"Nick Murison","startTime":946.4,"endTime":950.27,"body":"traffic, all your web traffic,"},{"speaker":"Nick Murison","startTime":946.4,"endTime":950.27,"body":"over TLS, if you're implementing"},{"speaker":"Nick Murison","startTime":950.27,"endTime":955.16,"body":"TLS, version, let's say 1.1,"},{"speaker":"Nick Murison","startTime":950.27,"endTime":955.16,"body":"which is a slightly older"},{"speaker":"Nick Murison","startTime":955.16,"endTime":960.53,"body":"version, that version has a"},{"speaker":"Nick Murison","startTime":955.16,"endTime":960.53,"body":"couple of issues in it, it has"},{"speaker":"Nick Murison","startTime":960.53,"endTime":965.24,"body":"flaws in it design flaws. 
Now,"},{"speaker":"Nick Murison","startTime":960.53,"endTime":965.24,"body":"if you can implement it, hundred"},{"speaker":"Nick Murison","startTime":965.24,"endTime":967.85,"body":"percent accurately, according to"},{"speaker":"Nick Murison","startTime":965.24,"endTime":967.85,"body":"the standard, the coding spec,"},{"speaker":"Nick Murison","startTime":968.6,"endTime":971.51,"body":"your developers have done"},{"speaker":"Nick Murison","startTime":968.6,"endTime":971.51,"body":"exactly what the spec says. But"},{"speaker":"Nick Murison","startTime":971.51,"endTime":972.29,"body":"the spec is wrong."},{"speaker":"Robby Peralta","startTime":973.88,"endTime":974.99,"body":"Inheriting flaws,"},{"speaker":"Robby Peralta","startTime":973.88,"endTime":974.99,"body":"yeah."},{"speaker":"Nick Murison","startTime":974.78,"endTime":977.09,"body":"yeah, exactly. And"},{"speaker":"Nick Murison","startTime":974.78,"endTime":977.09,"body":"you can't you can't put the"},{"speaker":"Nick Murison","startTime":977.09,"endTime":979.76,"body":"blame on, for example,"},{"speaker":"Nick Murison","startTime":977.09,"endTime":979.76,"body":"Microsoft, at that point you"},{"speaker":"Nick Murison","startTime":979.76,"endTime":982.7,"body":"know, they had 200"},{"speaker":"Nick Murison","startTime":979.76,"endTime":982.7,"body":"cryptographers have had a look"},{"speaker":"Nick Murison","startTime":982.7,"endTime":984.89,"body":"at this thing, and they couldn't"},{"speaker":"Nick Murison","startTime":982.7,"endTime":984.89,"body":"find it. And then but three"},{"speaker":"Nick Murison","startTime":984.89,"endTime":987.47,"body":"years later, someone randomly"},{"speaker":"Nick Murison","startTime":984.89,"endTime":987.47,"body":"goes, Oh, hang on, if I do this,"},{"speaker":"Nick Murison","startTime":987.5,"endTime":992.12,"body":"then there's a problem. 
So these"},{"speaker":"Nick Murison","startTime":987.5,"endTime":992.12,"body":"some of these flaws can actually"},{"speaker":"Nick Murison","startTime":992.12,"endTime":996.44,"body":"be you know, they can exist for"},{"speaker":"Nick Murison","startTime":992.12,"endTime":996.44,"body":"a long time before someone"},{"speaker":"Nick Murison","startTime":996.74,"endTime":1000.82,"body":"identifies them because they're"},{"speaker":"Nick Murison","startTime":996.74,"endTime":1000.82,"body":"so complex and convoluted. And"},{"speaker":"Nick Murison","startTime":1001.51,"endTime":1006.28,"body":"it takes a lot of sort of"},{"speaker":"Nick Murison","startTime":1001.51,"endTime":1006.28,"body":"figuring out mental arithmetic"},{"speaker":"Nick Murison","startTime":1006.28,"endTime":1007.42,"body":"to figure out what's going on."},{"speaker":"Robby Peralta","startTime":1008.54,"endTime":1011.36,"body":"Yeah, and and"},{"speaker":"Robby Peralta","startTime":1008.54,"endTime":1011.36,"body":"that does not combine very well"},{"speaker":"Robby Peralta","startTime":1011.36,"endTime":1014.6,"body":"with the whole speed of the, how"},{"speaker":"Robby Peralta","startTime":1011.36,"endTime":1014.6,"body":"fast all these things need to go"},{"speaker":"Robby Peralta","startTime":1014.6,"endTime":1017.0,"body":"correct. To keep up with"},{"speaker":"Robby Peralta","startTime":1014.6,"endTime":1017.0,"body":"business."},{"speaker":"Nick Murison","startTime":1017.0,"endTime":1022.01,"body":"Exactly. I kind of"},{"speaker":"Nick Murison","startTime":1017.0,"endTime":1022.01,"body":"want to drop in DevOps, because"},{"speaker":"Nick Murison","startTime":1022.01,"endTime":1025.76,"body":"it's the elephant in the room,"},{"speaker":"Nick Murison","startTime":1022.01,"endTime":1025.76,"body":"and we're gonna get to it. 
But"},{"speaker":"Nick Murison","startTime":1026.54,"endTime":1032.03,"body":"DevOps is kind of a, there's"},{"speaker":"Nick Murison","startTime":1026.54,"endTime":1032.03,"body":"different definitions of DevOps,"},{"speaker":"Nick Murison","startTime":1032.03,"endTime":1034.07,"body":"you know, I've met a lot of"},{"speaker":"Nick Murison","startTime":1032.03,"endTime":1034.07,"body":"customers, and they say, we're"},{"speaker":"Nick Murison","startTime":1034.07,"endTime":1038.03,"body":"trying to go for DevOps and I"},{"speaker":"Nick Murison","startTime":1034.07,"endTime":1038.03,"body":"say, Okay, what does that mean,"},{"speaker":"Nick Murison","startTime":1038.45,"endTime":1044.99,"body":"for you? And everyone has a has"},{"speaker":"Nick Murison","startTime":1038.45,"endTime":1044.99,"body":"their own definition. And I like"},{"speaker":"Nick Murison","startTime":1044.99,"endTime":1048.41,"body":"to think of DevOps as basically,"},{"speaker":"Nick Murison","startTime":1044.99,"endTime":1048.41,"body":"if you think DevOps is"},{"speaker":"Nick Murison","startTime":1048.41,"endTime":1051.95,"body":"automation, then you're probably"},{"speaker":"Nick Murison","startTime":1048.41,"endTime":1051.95,"body":"talking about CI/ CD, you know,"},{"speaker":"Nick Murison","startTime":1052.01,"endTime":1055.07,"body":"automating your bill, ss and"},{"speaker":"Nick Murison","startTime":1052.01,"endTime":1055.07,"body":"deployment and everything. 
And,"},{"speaker":"Nick Murison","startTime":1055.4,"endTime":1057.83,"body":"you know, going from a developer"},{"speaker":"Nick Murison","startTime":1055.4,"endTime":1057.83,"body":"writing a line of code to it"},{"speaker":"Nick Murison","startTime":1057.89,"endTime":1060.74,"body":"being in production within an"},{"speaker":"Nick Murison","startTime":1057.89,"endTime":1060.74,"body":"hour, that's, that's kind of"},{"speaker":"Nick Murison","startTime":1060.74,"endTime":1066.95,"body":"more ci, CD, continuous"},{"speaker":"Nick Murison","startTime":1060.74,"endTime":1066.95,"body":"deployment and so on. Agile is"},{"speaker":"Nick Murison","startTime":1066.95,"endTime":1070.4,"body":"more about methodology,"},{"speaker":"Nick Murison","startTime":1066.95,"endTime":1070.4,"body":"methodology. So how you kind of"},{"speaker":"Nick Murison","startTime":1070.73,"endTime":1073.49,"body":"approach the whole concept of,"},{"speaker":"Nick Murison","startTime":1070.73,"endTime":1073.49,"body":"we have a backlog, we have"},{"speaker":"Nick Murison","startTime":1073.49,"endTime":1078.44,"body":"features, how we estimate this"},{"speaker":"Nick Murison","startTime":1073.49,"endTime":1078.44,"body":"stuff, and so on. 
While DevOps"},{"speaker":"Nick Murison","startTime":1078.44,"endTime":1081.98,"body":"is more about the people in the"},{"speaker":"Nick Murison","startTime":1078.44,"endTime":1081.98,"body":"culture, devil more about making"},{"speaker":"Nick Murison","startTime":1081.98,"endTime":1086.36,"body":"teams that are essentially"},{"speaker":"Nick Murison","startTime":1081.98,"endTime":1086.36,"body":"autonomous to a certain extent,"},{"speaker":"Nick Murison","startTime":1086.99,"endTime":1090.2,"body":"working on, you know, they have"},{"speaker":"Nick Murison","startTime":1086.99,"endTime":1090.2,"body":"a specific responsibility, let's"},{"speaker":"Nick Murison","startTime":1090.2,"endTime":1093.41,"body":"say, you know, you've got one"},{"speaker":"Nick Murison","startTime":1090.2,"endTime":1093.41,"body":"DevOps team, that are"},{"speaker":"Nick Murison","startTime":1093.41,"endTime":1097.85,"body":"responsible for managing your"},{"speaker":"Nick Murison","startTime":1093.41,"endTime":1097.85,"body":"payment API. They develop it,"},{"speaker":"Nick Murison","startTime":1098.24,"endTime":1101.81,"body":"they test it, they deploy it,"},{"speaker":"Nick Murison","startTime":1098.24,"endTime":1101.81,"body":"they maintain it, if there's, if"},{"speaker":"Nick Murison","startTime":1101.81,"endTime":1105.92,"body":"something goes wrong, they're"},{"speaker":"Nick Murison","startTime":1101.81,"endTime":1105.92,"body":"also the ops team for it. And so"},{"speaker":"Nick Murison","startTime":1105.92,"endTime":1108.17,"body":"that's kind of how I think of"},{"speaker":"Nick Murison","startTime":1105.92,"endTime":1108.17,"body":"DevOps. 
The nice thing about"},{"speaker":"Nick Murison","startTime":1108.17,"endTime":1113.3,"body":"DevOps is that it does enable"},{"speaker":"Nick Murison","startTime":1108.17,"endTime":1113.3,"body":"you to basically, if you segment"},{"speaker":"Nick Murison","startTime":1113.3,"endTime":1116.03,"body":"your your systems and"},{"speaker":"Nick Murison","startTime":1113.3,"endTime":1116.03,"body":"architecture correctly, you can"},{"speaker":"Nick Murison","startTime":1116.03,"endTime":1119.81,"body":"have individual teams working on"},{"speaker":"Nick Murison","startTime":1116.03,"endTime":1119.81,"body":"individual parts, and making"},{"speaker":"Nick Murison","startTime":1119.81,"endTime":1122.84,"body":"really frequent changes, really"},{"speaker":"Nick Murison","startTime":1119.81,"endTime":1122.84,"body":"fast changes without impacting"},{"speaker":"Nick Murison","startTime":1122.84,"endTime":1128.45,"body":"anyone else. And you're"},{"speaker":"Nick Murison","startTime":1122.84,"endTime":1128.45,"body":"essentially, very quickly and"},{"speaker":"Nick Murison","startTime":1128.45,"endTime":1132.41,"body":"organically moving forward,"},{"speaker":"Nick Murison","startTime":1128.45,"endTime":1132.41,"body":"through your, you know, creating"},{"speaker":"Nick Murison","startTime":1132.41,"endTime":1137.03,"body":"new features and so on. 
Now, I"},{"speaker":"Nick Murison","startTime":1132.41,"endTime":1137.03,"body":"attended a conference virtual"},{"speaker":"Nick Murison","startTime":1137.03,"endTime":1139.64,"body":"conference a couple of months"},{"speaker":"Nick Murison","startTime":1137.03,"endTime":1139.64,"body":"ago, where I have heard the"},{"speaker":"Nick Murison","startTime":1139.64,"endTime":1142.64,"body":"first of the following two"},{"speaker":"Nick Murison","startTime":1139.64,"endTime":1142.64,"body":"statements in quick succession."},{"speaker":"Nick Murison","startTime":1143.57,"endTime":1145.52,"body":"DevOps increases security risk,"},{"speaker":"Nick Murison","startTime":1147.11,"endTime":1150.83,"body":"followed by DevOps decreases"},{"speaker":"Nick Murison","startTime":1147.11,"endTime":1150.83,"body":"your security risk."},{"speaker":"Robby Peralta","startTime":1152.54,"endTime":1153.14,"body":"And both"},{"speaker":"Robby Peralta","startTime":1153.41,"endTime":1154.37,"body":"two conflicting thoughts."},{"speaker":"Nick Murison","startTime":1154.91,"endTime":1158.0,"body":"They are, but"},{"speaker":"Nick Murison","startTime":1154.91,"endTime":1158.0,"body":"they're both correct. Hmm."},{"speaker":"Nick Murison","startTime":1158.06,"endTime":1162.5,"body":"Essentially, it sort of depends"},{"speaker":"Nick Murison","startTime":1158.06,"endTime":1162.5,"body":"on how how you approach DevOps,"},{"speaker":"Nick Murison","startTime":1162.5,"endTime":1169.73,"body":"what, what is your maturity"},{"speaker":"Nick Murison","startTime":1162.5,"endTime":1169.73,"body":"around it. 
And so the it, making"},{"speaker":"Nick Murison","startTime":1169.73,"endTime":1173.81,"body":"changes quickly is a good thing"},{"speaker":"Nick Murison","startTime":1169.73,"endTime":1173.81,"body":"for functionalities point of"},{"speaker":"Nick Murison","startTime":1173.81,"endTime":1176.93,"body":"view, for features and so on."},{"speaker":"Nick Murison","startTime":1173.81,"endTime":1176.93,"body":"Because you can, you can launch"},{"speaker":"Nick Murison","startTime":1176.93,"endTime":1181.82,"body":"new things quickly. It's a can"},{"speaker":"Nick Murison","startTime":1176.93,"endTime":1181.82,"body":"be bad from a security point of"},{"speaker":"Nick Murison","startTime":1181.82,"endTime":1185.21,"body":"view. Because if you don't have"},{"speaker":"Nick Murison","startTime":1181.82,"endTime":1185.21,"body":"the right checks and balances in"},{"speaker":"Nick Murison","startTime":1185.21,"endTime":1188.78,"body":"place, you're going to miss"},{"speaker":"Nick Murison","startTime":1185.21,"endTime":1188.78,"body":"security vulnerabilities, and"},{"speaker":"Nick Murison","startTime":1188.78,"endTime":1189.95,"body":"they're going to go out and"},{"speaker":"Nick Murison","startTime":1188.78,"endTime":1189.95,"body":"they're going to be in"},{"speaker":"Nick Murison","startTime":1189.95,"endTime":1195.86,"body":"production and get hurt by it."},{"speaker":"Nick Murison","startTime":1189.95,"endTime":1195.86,"body":"But it can also be a good thing"},{"speaker":"Nick Murison","startTime":1195.86,"endTime":1202.73,"body":"because if you're able to make"},{"speaker":"Nick Murison","startTime":1195.86,"endTime":1202.73,"body":"changes very quickly And you're"},{"speaker":"Nick Murison","startTime":1202.73,"endTime":1205.76,"body":"able to spot when something"},{"speaker":"Nick Murison","startTime":1202.73,"endTime":1205.76,"body":"launches or just before it"},{"speaker":"Nick Murison","startTime":1205.76,"endTime":1210.17,"body":"launches, ideally, that might 
be"},{"speaker":"Nick Murison","startTime":1205.76,"endTime":1210.17,"body":"a security issue, you can make a"},{"speaker":"Nick Murison","startTime":1210.17,"endTime":1214.97,"body":"change to fix that, ideally,"},{"speaker":"Nick Murison","startTime":1210.17,"endTime":1214.97,"body":"before it goes out the door very"},{"speaker":"Nick Murison","startTime":1214.97,"endTime":1222.53,"body":"quickly. And so that increased"},{"speaker":"Nick Murison","startTime":1214.97,"endTime":1222.53,"body":"speed can be can be a risk, they"},{"speaker":"Nick Murison","startTime":1222.53,"endTime":1225.05,"body":"can also help you address risk"},{"speaker":"Nick Murison","startTime":1222.53,"endTime":1225.05,"body":"as well, where you know,"},{"speaker":"Nick Murison","startTime":1225.05,"endTime":1227.12,"body":"someone, something you can turn"},{"speaker":"Nick Murison","startTime":1225.05,"endTime":1227.12,"body":"around really quickly."},{"speaker":"Robby Peralta","startTime":1227.87,"endTime":1230.33,"body":"Hmm. So if I'm"},{"speaker":"Robby Peralta","startTime":1227.87,"endTime":1230.33,"body":"understanding you correctly,"},{"speaker":"Robby Peralta","startTime":1230.33,"endTime":1234.26,"body":"obviously there this is a very"},{"speaker":"Robby Peralta","startTime":1230.33,"endTime":1234.26,"body":"complex, complex environment to"},{"speaker":"Robby Peralta","startTime":1234.26,"endTime":1236.9,"body":"work in both for security and"},{"speaker":"Robby Peralta","startTime":1234.26,"endTime":1236.9,"body":"developers. And there's, I mean,"},{"speaker":"Robby Peralta","startTime":1237.05,"endTime":1240.92,"body":"there's no correct answer. It's"},{"speaker":"Robby Peralta","startTime":1237.05,"endTime":1240.92,"body":"all dependent on a lot of"},{"speaker":"Robby Peralta","startTime":1240.92,"endTime":1243.92,"body":"variables that not one any one"},{"speaker":"Robby Peralta","startTime":1240.92,"endTime":1243.92,"body":"person controls. 
So what are"},{"speaker":"Robby Peralta","startTime":1243.92,"endTime":1246.65,"body":"companies doing about this? How"},{"speaker":"Robby Peralta","startTime":1243.92,"endTime":1246.65,"body":"are they going about solving the"},{"speaker":"Robby Peralta","startTime":1246.65,"endTime":1247.07,"body":"issue?"},{"speaker":"Nick Murison","startTime":1247.88,"endTime":1250.01,"body":"different"},{"speaker":"Nick Murison","startTime":1247.88,"endTime":1250.01,"body":"approaches? It sort of depends"},{"speaker":"Nick Murison","startTime":1250.01,"endTime":1252.47,"body":"on on who you are, what your"},{"speaker":"Nick Murison","startTime":1250.01,"endTime":1252.47,"body":"company is structured, like,"},{"speaker":"Nick Murison","startTime":1253.28,"endTime":1259.67,"body":"what your focuses. So a lot of a"},{"speaker":"Nick Murison","startTime":1253.28,"endTime":1259.67,"body":"lot of companies that are kind"},{"speaker":"Nick Murison","startTime":1259.67,"endTime":1264.98,"body":"of ahead of the curve, from a"},{"speaker":"Nick Murison","startTime":1259.67,"endTime":1264.98,"body":"security point of view, I would"},{"speaker":"Nick Murison","startTime":1266.18,"endTime":1270.38,"body":"boldly say, are the heavily"},{"speaker":"Nick Murison","startTime":1266.18,"endTime":1270.38,"body":"regulated and compliance driven"},{"speaker":"Nick Murison","startTime":1270.38,"endTime":1271.34,"body":"organizations out there?"},{"speaker":"Robby Peralta","startTime":1271.0,"endTime":1274.03,"body":"So finance,"},{"speaker":"Robby Peralta","startTime":1271.0,"endTime":1274.03,"body":"energy. Exactly."},{"speaker":"Nick Murison","startTime":1274.03,"endTime":1278.65,"body":"Yes. 
So these guys"},{"speaker":"Nick Murison","startTime":1274.03,"endTime":1278.65,"body":"have essentially, you know,"},{"speaker":"Nick Murison","startTime":1279.1,"endTime":1281.98,"body":"they've got a banking license,"},{"speaker":"Nick Murison","startTime":1279.1,"endTime":1281.98,"body":"let's take finance, as an"},{"speaker":"Nick Murison","startTime":1281.98,"endTime":1285.16,"body":"example, they have a license"},{"speaker":"Nick Murison","startTime":1281.98,"endTime":1285.16,"body":"from their respective government"},{"speaker":"Nick Murison","startTime":1285.16,"endTime":1290.86,"body":"to run a bank. And that license"},{"speaker":"Nick Murison","startTime":1285.16,"endTime":1290.86,"body":"is contingent on having a lot of"},{"speaker":"Nick Murison","startTime":1290.86,"endTime":1294.16,"body":"things in place, from a risk"},{"speaker":"Nick Murison","startTime":1290.86,"endTime":1294.16,"body":"point of view, from a fraud point"},{"speaker":"Nick Murison","startTime":1294.16,"endTime":1299.83,"body":"of view, from a security point"},{"speaker":"Nick Murison","startTime":1294.16,"endTime":1299.83,"body":"of view. And so you, you are"},{"speaker":"Nick Murison","startTime":1299.83,"endTime":1304.78,"body":"very well versed in making sure"},{"speaker":"Nick Murison","startTime":1299.83,"endTime":1304.78,"body":"that you reduce risk. And that"},{"speaker":"Nick Murison","startTime":1304.78,"endTime":1308.35,"body":"you have a lot of rules in place"},{"speaker":"Nick Murison","startTime":1304.78,"endTime":1308.35,"body":"to make sure that, you know,"},{"speaker":"Nick Murison","startTime":1308.65,"endTime":1312.22,"body":"people can't commit fraud. 
And"},{"speaker":"Nick Murison","startTime":1308.65,"endTime":1312.22,"body":"anything that you put out there,"},{"speaker":"Nick Murison","startTime":1312.22,"endTime":1318.61,"body":"production has passed, kind of a"},{"speaker":"Nick Murison","startTime":1312.22,"endTime":1318.61,"body":"hurdle of checks, for better or"},{"speaker":"Nick Murison","startTime":1318.61,"endTime":1323.41,"body":"for worse. So you end up with"},{"speaker":"Nick Murison","startTime":1318.61,"endTime":1323.41,"body":"some organizations becoming"},{"speaker":"Nick Murison","startTime":1323.41,"endTime":1326.11,"body":"slightly paralyzed by this"},{"speaker":"Nick Murison","startTime":1323.41,"endTime":1326.11,"body":"because they're heavily"},{"speaker":"Nick Murison","startTime":1326.11,"endTime":1330.91,"body":"compliance driven. And if you"},{"speaker":"Nick Murison","startTime":1326.11,"endTime":1330.91,"body":"look at, you know, how we did"},{"speaker":"Nick Murison","startTime":1330.91,"endTime":1335.68,"body":"compliance and security 20 years"},{"speaker":"Nick Murison","startTime":1330.91,"endTime":1335.68,"body":"ago, it worked really well,"},{"speaker":"Nick Murison","startTime":1336.07,"endTime":1339.73,"body":"because development was"},{"speaker":"Nick Murison","startTime":1336.07,"endTime":1339.73,"body":"waterfall based. But you want to"},{"speaker":"Nick Murison","startTime":1339.73,"endTime":1341.35,"body":"launch a new website? Well,"},{"speaker":"Nick Murison","startTime":1339.73,"endTime":1341.35,"body":"that's going to take three"},{"speaker":"Nick Murison","startTime":1341.35,"endTime":1344.8,"body":"years. 
And there's a giant Gantt"},{"speaker":"Nick Murison","startTime":1341.35,"endTime":1344.8,"body":"chart, and you know, the first"},{"speaker":"Nick Murison","startTime":1344.89,"endTime":1347.71,"body":"six months, such as planning and"},{"speaker":"Nick Murison","startTime":1344.89,"endTime":1347.71,"body":"requirements, analysis, and so"},{"speaker":"Nick Murison","startTime":1347.71,"endTime":1350.38,"body":"on. And then you got another"},{"speaker":"Nick Murison","startTime":1347.71,"endTime":1350.38,"body":"three months doing architecture"},{"speaker":"Nick Murison","startTime":1350.38,"endTime":1352.87,"body":"and design, and then you've got,"},{"speaker":"Nick Murison","startTime":1350.38,"endTime":1352.87,"body":"you know, maybe 12 months to"},{"speaker":"Nick Murison","startTime":1352.87,"endTime":1356.05,"body":"development, you got six months"},{"speaker":"Nick Murison","startTime":1352.87,"endTime":1356.05,"body":"doing testing, and I've lost"},{"speaker":"Nick Murison","startTime":1356.08,"endTime":1357.88,"body":"count of how many months they"},{"speaker":"Nick Murison","startTime":1356.08,"endTime":1357.88,"body":"are. But anyway,"},{"speaker":"Robby Peralta","startTime":1358.54,"endTime":1360.43,"body":"I'm sure"},{"speaker":"Robby Peralta","startTime":1358.54,"endTime":1360.43,"body":"compliance misses those days."},{"speaker":"Robby Peralta","startTime":1360.49,"endTime":1361.57,"body":"Those were the good ol' days for"},{"speaker":"Robby Peralta","startTime":1360.49,"endTime":1361.57,"body":"them."},{"speaker":"Nick Murison","startTime":1361.6,"endTime":1363.94,"body":"I think so. 
Yeah."},{"speaker":"Nick Murison","startTime":1361.6,"endTime":1363.94,"body":"Well, and the thing that gave"},{"speaker":"Nick Murison","startTime":1363.94,"endTime":1370.45,"body":"them defined time in the project"},{"speaker":"Nick Murison","startTime":1363.94,"endTime":1370.45,"body":"plan to look at security and"},{"speaker":"Nick Murison","startTime":1370.45,"endTime":1371.26,"body":"look at compliance."},{"speaker":"Robby Peralta","startTime":1372.43,"endTime":1373.48,"body":"Now you're"},{"speaker":"Robby Peralta","startTime":1372.43,"endTime":1373.48,"body":"thinking about this."},{"speaker":"Nick Murison","startTime":1374.42,"endTime":1376.04,"body":"Oh, it's, it's"},{"speaker":"Nick Murison","startTime":1374.42,"endTime":1376.04,"body":"October, we're gonna think about"},{"speaker":"Nick Murison","startTime":1376.04,"endTime":1379.01,"body":"security for the next two"},{"speaker":"Nick Murison","startTime":1376.04,"endTime":1379.01,"body":"months. Fantastic. That doesn't"},{"speaker":"Nick Murison","startTime":1379.01,"endTime":1383.21,"body":"work anymore. Because it's"},{"speaker":"Nick Murison","startTime":1379.01,"endTime":1383.21,"body":"Friday at three o'clock, and the"},{"speaker":"Nick Murison","startTime":1383.24,"endTime":1387.95,"body":"feature is going live at Friday"},{"speaker":"Nick Murison","startTime":1383.24,"endTime":1387.95,"body":"at four o'clock. And you can't"},{"speaker":"Nick Murison","startTime":1387.95,"endTime":1390.92,"body":"do all those things that you"},{"speaker":"Nick Murison","startTime":1387.95,"endTime":1390.92,"body":"used to do, you've got to come"},{"speaker":"Nick Murison","startTime":1390.92,"endTime":1393.11,"body":"up with a different way of"},{"speaker":"Nick Murison","startTime":1390.92,"endTime":1393.11,"body":"approaching it. 
And that's where"},{"speaker":"Nick Murison","startTime":1393.23,"endTime":1399.38,"body":"the, the tech companies, the"},{"speaker":"Nick Murison","startTime":1393.23,"endTime":1399.38,"body":"software companies are kind of"},{"speaker":"Nick Murison","startTime":1400.04,"endTime":1404.03,"body":"coming up the inside lanes of"},{"speaker":"Nick Murison","startTime":1400.04,"endTime":1404.03,"body":"speak now, because they might"},{"speaker":"Nick Murison","startTime":1404.03,"endTime":1408.29,"body":"have less of a compliance push."},{"speaker":"Nick Murison","startTime":1404.03,"endTime":1408.29,"body":"But they've got more of a"},{"speaker":"Nick Murison","startTime":1408.95,"endTime":1415.04,"body":"grassroots effort to focus on"},{"speaker":"Nick Murison","startTime":1408.95,"endTime":1415.04,"body":"security. So you know, they've"},{"speaker":"Nick Murison","startTime":1415.04,"endTime":1420.86,"body":"kind of got the concept of"},{"speaker":"Nick Murison","startTime":1415.04,"endTime":1420.86,"body":"security champions, and in"},{"speaker":"Nick Murison","startTime":1420.86,"endTime":1424.64,"body":"Norway, you might call it an"},{"speaker":"Nick Murison","startTime":1420.86,"endTime":1424.64,"body":"ildsjel, which doesn't"},{"speaker":"Nick Murison","startTime":1424.64,"endTime":1426.89,"body":"translate very well to English,"},{"speaker":"Nick Murison","startTime":1424.64,"endTime":1426.89,"body":"but you know, fire souls."},{"speaker":"Nick Murison","startTime":1429.32,"endTime":1430.49,"body":"Sounds like a Will Ferrell"},{"speaker":"Nick Murison","startTime":1429.32,"endTime":1430.49,"body":"movie."},{"speaker":"Nick Murison","startTime":1432.98,"endTime":1435.77,"body":"But yeah, but the companies that"},{"speaker":"Nick Murison","startTime":1432.98,"endTime":1435.77,"body":"I've seen have done a, they've"},{"speaker":"Nick Murison","startTime":1435.77,"endTime":1440.36,"body":"done a really good job of this"},{"speaker":"Nick 
Murison","startTime":1435.77,"endTime":1440.36,"body":"have, essentially some sort of"},{"speaker":"Nick Murison","startTime":1441.59,"endTime":1446.93,"body":"team or department that is"},{"speaker":"Nick Murison","startTime":1441.59,"endTime":1446.93,"body":"responsible for getting security"},{"speaker":"Nick Murison","startTime":1446.93,"endTime":1450.17,"body":"into development. So you might"},{"speaker":"Nick Murison","startTime":1446.93,"endTime":1450.17,"body":"call them an app sec team, you"},{"speaker":"Nick Murison","startTime":1450.17,"endTime":1453.65,"body":"might call them a software"},{"speaker":"Nick Murison","startTime":1450.17,"endTime":1453.65,"body":"security group, or something"},{"speaker":"Nick Murison","startTime":1453.65,"endTime":1458.15,"body":"like that. And essentially, what"},{"speaker":"Nick Murison","startTime":1453.65,"endTime":1458.15,"body":"their responsibility is, is to"},{"speaker":"Nick Murison","startTime":1458.15,"endTime":1461.33,"body":"build security into how you do"},{"speaker":"Nick Murison","startTime":1458.15,"endTime":1461.33,"body":"software development, or help"},{"speaker":"Nick Murison","startTime":1461.36,"endTime":1464.21,"body":"the developers do it, depending"},{"speaker":"Nick Murison","startTime":1461.36,"endTime":1464.21,"body":"on how the organization's"},{"speaker":"Nick Murison","startTime":1464.57,"endTime":1467.69,"body":"structured, that they're hitting"},{"speaker":"Nick Murison","startTime":1464.57,"endTime":1467.69,"body":"you without the meeting."},{"speaker":"Nick Murison","startTime":1467.69,"endTime":1472.55,"body":"Exactly. And that and that, and"},{"speaker":"Nick Murison","startTime":1467.69,"endTime":1472.55,"body":"that has been, you know, classic"},{"speaker":"Nick Murison","startTime":1472.55,"endTime":1476.66,"body":"problem. 
And unfortunately, you"},{"speaker":"Nick Murison","startTime":1472.55,"endTime":1476.66,"body":"know, I, every once in a while"},{"speaker":"Nick Murison","startTime":1476.66,"endTime":1480.32,"body":"when I speak to I'm kind of"},{"speaker":"Nick Murison","startTime":1476.66,"endTime":1480.32,"body":"fortunate now that I work in"},{"speaker":"Nick Murison","startTime":1480.32,"endTime":1484.19,"body":"Mars because I tend to be"},{"speaker":"Nick Murison","startTime":1480.32,"endTime":1484.19,"body":"talking to developers. But every"},{"speaker":"Nick Murison","startTime":1484.19,"endTime":1486.44,"body":"once in a while I speak to"},{"speaker":"Nick Murison","startTime":1484.19,"endTime":1486.44,"body":"security people as well. And you"},{"speaker":"Nick Murison","startTime":1486.44,"endTime":1488.57,"body":"know, they're they're frustrated"},{"speaker":"Nick Murison","startTime":1486.44,"endTime":1488.57,"body":"and so the developers because"},{"speaker":"Nick Murison","startTime":1488.57,"endTime":1491.06,"body":"they're still sort of, they"},{"speaker":"Nick Murison","startTime":1488.57,"endTime":1491.06,"body":"haven't quite met in the middle."},{"speaker":"Nick Murison","startTime":1492.38,"endTime":1494.99,"body":"What some places they have but"},{"speaker":"Nick Murison","startTime":1492.38,"endTime":1494.99,"body":"but not everywhere. And every"},{"speaker":"Nick Murison","startTime":1494.99,"endTime":1498.86,"body":"once in a while I'm talking to"},{"speaker":"Nick Murison","startTime":1494.99,"endTime":1498.86,"body":"security person and they just"},{"speaker":"Nick Murison","startTime":1498.86,"endTime":1501.26,"body":"haven't quite got the mentality"},{"speaker":"Nick Murison","startTime":1498.86,"endTime":1501.26,"body":"yet. 
They're still thinking that"},{"speaker":"Nick Murison","startTime":1501.26,"endTime":1507.29,"body":"the developers are either not"},{"speaker":"Nick Murison","startTime":1501.26,"endTime":1507.29,"body":"listening to them, or not smart"},{"speaker":"Nick Murison","startTime":1507.29,"endTime":1515.36,"body":"enough or are maliciously"},{"speaker":"Nick Murison","startTime":1507.29,"endTime":1515.36,"body":"ignoring them, or something, it"},{"speaker":"Robby Peralta","startTime":1515.0,"endTime":1517.46,"body":"I want to say"},{"speaker":"Robby Peralta","startTime":1515.0,"endTime":1517.46,"body":"security people think that about"},{"speaker":"Robby Peralta","startTime":1515.36,"endTime":1515.93,"body":"can be a variety of"},{"speaker":"Robby Peralta","startTime":1517.46,"endTime":1517.94,"body":"everybody"},{"speaker":"Nick Murison","startTime":1519.68,"endTime":1522.98,"body":"I was definitely"},{"speaker":"Nick Murison","startTime":1519.68,"endTime":1522.98,"body":"guilty of that for a while. And,"},{"speaker":"Nick Murison","startTime":1523.37,"endTime":1529.43,"body":"you know, having having lived"},{"speaker":"Nick Murison","startTime":1523.37,"endTime":1529.43,"body":"through a few sort of, sort of"},{"speaker":"Nick Murison","startTime":1529.58,"endTime":1533.96,"body":"interesting struggles in various"},{"speaker":"Nick Murison","startTime":1529.58,"endTime":1533.96,"body":"organizations where I come in,"},{"speaker":"Nick Murison","startTime":1533.96,"endTime":1536.72,"body":"and I'm the security guy, you"},{"speaker":"Nick Murison","startTime":1533.96,"endTime":1536.72,"body":"know, here's Nick, he's had to"},{"speaker":"Nick Murison","startTime":1536.72,"endTime":1541.37,"body":"break your stuff. 
And dealing"},{"speaker":"Nick Murison","startTime":1536.72,"endTime":1541.37,"body":"with the confrontations and the"},{"speaker":"Nick Murison","startTime":1541.37,"endTime":1545.51,"body":"conflicts that can cause you"},{"speaker":"Nick Murison","startTime":1541.37,"endTime":1545.51,"body":"learn quickly that you got to"},{"speaker":"Nick Murison","startTime":1545.51,"endTime":1547.64,"body":"get on the good side of the"},{"speaker":"Nick Murison","startTime":1545.51,"endTime":1547.64,"body":"other developers, because the"},{"speaker":"Nick Murison","startTime":1547.64,"endTime":1552.74,"body":"other ones actually. They're the"},{"speaker":"Nick Murison","startTime":1547.64,"endTime":1552.74,"body":"ones building the new stuff."},{"speaker":"Nick Murison","startTime":1552.8,"endTime":1559.46,"body":"They're the ones pushing the"},{"speaker":"Nick Murison","startTime":1552.8,"endTime":1559.46,"body":"business forward. Anyway, where"},{"speaker":"Nick Murison","startTime":1559.46,"endTime":1563.03,"body":"was I? Yeah, so a lot of"},{"speaker":"Nick Murison","startTime":1559.46,"endTime":1563.03,"body":"companies will have some sort of"},{"speaker":"Nick Murison","startTime":1563.03,"endTime":1566.93,"body":"app sec team or software"},{"speaker":"Nick Murison","startTime":1563.03,"endTime":1566.93,"body":"security group. And then they'll"},{"speaker":"Nick Murison","startTime":1566.93,"endTime":1570.02,"body":"have something that you might"},{"speaker":"Nick Murison","startTime":1566.93,"endTime":1570.02,"body":"call a secure development"},{"speaker":"Nick Murison","startTime":1570.02,"endTime":1572.99,"body":"lifecycle, or software security"},{"speaker":"Nick Murison","startTime":1570.02,"endTime":1572.99,"body":"development lifecycle, or"},{"speaker":"Nick Murison","startTime":1572.99,"endTime":1579.23,"body":"something along those lines. 
And"},{"speaker":"Nick Murison","startTime":1572.99,"endTime":1579.23,"body":"it's essentially, an overlay of"},{"speaker":"Nick Murison","startTime":1579.47,"endTime":1583.61,"body":"here are activities that we're"},{"speaker":"Nick Murison","startTime":1579.47,"endTime":1583.61,"body":"going to do as part of while"},{"speaker":"Nick Murison","startTime":1583.61,"endTime":1588.77,"body":"development runs. to look out"},{"speaker":"Nick Murison","startTime":1583.61,"endTime":1588.77,"body":"for security issues, we're going"},{"speaker":"Nick Murison","startTime":1588.77,"endTime":1591.08,"body":"to, we're going to try and find"},{"speaker":"Nick Murison","startTime":1588.77,"endTime":1591.08,"body":"issues early, we're going to try"},{"speaker":"Nick Murison","startTime":1591.08,"endTime":1593.12,"body":"and fix them. And we're going to"},{"speaker":"Nick Murison","startTime":1591.08,"endTime":1593.12,"body":"try and prevent them from"},{"speaker":"Nick Murison","startTime":1593.12,"endTime":1598.28,"body":"happening in the first place."},{"speaker":"Nick Murison","startTime":1593.12,"endTime":1598.28,"body":"And there's a lot of activities"},{"speaker":"Nick Murison","startTime":1598.28,"endTime":1601.61,"body":"you could be doing. And it sort"},{"speaker":"Nick Murison","startTime":1598.28,"endTime":1601.61,"body":"of depends on where you are,"},{"speaker":"Nick Murison","startTime":1601.88,"endTime":1604.7,"body":"maturity wise as organization,"},{"speaker":"Nick Murison","startTime":1601.88,"endTime":1604.7,"body":"what you're doing is development"},{"speaker":"Nick Murison","startTime":1604.7,"endTime":1607.25,"body":"already. Are you automating a"},{"speaker":"Nick Murison","startTime":1604.7,"endTime":1607.25,"body":"bunch of stuff? Or are you still"},{"speaker":"Nick Murison","startTime":1607.25,"endTime":1611.03,"body":"doing manual code reviews? Are"},{"speaker":"Nick Murison","startTime":1607.25,"endTime":1611.03,"body":"you doing waterfall? 
Are you"},{"speaker":"Nick Murison","startTime":1611.03,"endTime":1617.27,"body":"doing Scrum? Are you doing? Are"},{"speaker":"Nick Murison","startTime":1611.03,"endTime":1617.27,"body":"you kind of a bit more CI/CD?"},{"speaker":"Nick Murison","startTime":1617.3,"endTime":1620.9,"body":"Where are you kind of on that"},{"speaker":"Nick Murison","startTime":1617.3,"endTime":1620.9,"body":"spectrum? Are you a flat"},{"speaker":"Nick Murison","startTime":1620.9,"endTime":1623.42,"body":"organization where you're"},{"speaker":"Nick Murison","startTime":1620.9,"endTime":1623.42,"body":"hierarchical? It all depends on"},{"speaker":"Nick Murison","startTime":1623.45,"endTime":1626.75,"body":"certain things are going to work"},{"speaker":"Nick Murison","startTime":1623.45,"endTime":1626.75,"body":"better for you than others, so"},{"speaker":"Nick Murison","startTime":1628.58,"endTime":1631.82,"body":"and that, and that's the that's"},{"speaker":"Nick Murison","startTime":1628.58,"endTime":1631.82,"body":"the challenge for all"},{"speaker":"Nick Murison","startTime":1631.82,"endTime":1634.67,"body":"organizations starting off"},{"speaker":"Nick Murison","startTime":1631.82,"endTime":1634.67,"body":"trying to, you know, when they"},{"speaker":"Nick Murison","startTime":1634.67,"endTime":1640.4,"body":"saying, how do we get security"},{"speaker":"Nick Murison","startTime":1634.67,"endTime":1640.4,"body":"into development? Well, there's"},{"speaker":"Nick Murison","startTime":1641.06,"endTime":1648.38,"body":"a, there's 120 things you could"},{"speaker":"Nick Murison","startTime":1641.06,"endTime":1648.38,"body":"be doing. pick three, and, you"},{"speaker":"Nick Murison","startTime":1648.38,"endTime":1652.82,"body":"know, make those three things"},{"speaker":"Nick Murison","startTime":1648.38,"endTime":1652.82,"body":"work. 
And don't try to make 120"},{"speaker":"Nick Murison","startTime":1652.82,"endTime":1656.03,"body":"things work, make three things"},{"speaker":"Nick Murison","startTime":1652.82,"endTime":1656.03,"body":"work. And then when they work"},{"speaker":"Nick Murison","startTime":1656.03,"endTime":1660.47,"body":"really well, look at Okay, what"},{"speaker":"Nick Murison","startTime":1656.03,"endTime":1660.47,"body":"else can we do? So so it has to"},{"speaker":"Nick Murison","startTime":1660.47,"endTime":1663.35,"body":"be a journey, it has to be"},{"speaker":"Nick Murison","startTime":1660.47,"endTime":1663.35,"body":"maturity journey. You can't just"},{"speaker":"Nick Murison","startTime":1663.35,"endTime":1667.28,"body":"go from zero to 200 in a year,"},{"speaker":"Nick Murison","startTime":1663.35,"endTime":1667.28,"body":"for example."},{"speaker":"Robby Peralta","startTime":1668.21,"endTime":1669.98,"body":"And that's what"},{"speaker":"Robby Peralta","startTime":1668.21,"endTime":1669.98,"body":"makes this podcast really hard."},{"speaker":"Robby Peralta","startTime":1669.98,"endTime":1672.02,"body":"Because like, I wish we could"},{"speaker":"Robby Peralta","startTime":1669.98,"endTime":1672.02,"body":"just give everybody like the"},{"speaker":"Robby Peralta","startTime":1672.02,"endTime":1675.02,"body":"golden answer. 
But that's"},{"speaker":"Robby Peralta","startTime":1672.02,"endTime":1675.02,"body":"literally impossible for this"},{"speaker":"Robby Peralta","startTime":1675.5,"endTime":1676.31,"body":"for this topic."},{"speaker":"Nick Murison","startTime":1676.76,"endTime":1680.93,"body":"It is, I think, I"},{"speaker":"Nick Murison","startTime":1676.76,"endTime":1680.93,"body":"mean, a while ago, it was a much"},{"speaker":"Nick Murison","startTime":1680.93,"endTime":1684.29,"body":"more daunting, I think, but"},{"speaker":"Nick Murison","startTime":1680.93,"endTime":1684.29,"body":"nowadays, you're seeing a lot"},{"speaker":"Nick Murison","startTime":1684.29,"endTime":1692.78,"body":"more technology that enables"},{"speaker":"Nick Murison","startTime":1684.29,"endTime":1692.78,"body":"developers to kind of take upon"},{"speaker":"Nick Murison","startTime":1692.78,"endTime":1697.28,"body":"themselves certain security"},{"speaker":"Nick Murison","startTime":1692.78,"endTime":1697.28,"body":"responsibility. That just didn't"},{"speaker":"Nick Murison","startTime":1697.28,"endTime":1701.69,"body":"exist before. 
And I think if you"},{"speaker":"Nick Murison","startTime":1697.28,"endTime":1701.69,"body":"look at like, what GitHub is"},{"speaker":"Nick Murison","startTime":1701.69,"endTime":1706.01,"body":"doing with their GitHub actions"},{"speaker":"Nick Murison","startTime":1701.69,"endTime":1706.01,"body":"and their advanced security"},{"speaker":"Nick Murison","startTime":1706.01,"endTime":1709.31,"body":"platform and stuff, where it's"},{"speaker":"Nick Murison","startTime":1706.01,"endTime":1709.31,"body":"literally, hey, developer, do"},{"speaker":"Nick Murison","startTime":1709.31,"endTime":1712.28,"body":"you want to turn on this feature"},{"speaker":"Nick Murison","startTime":1709.31,"endTime":1712.28,"body":"that will and will tell you if"},{"speaker":"Nick Murison","startTime":1712.28,"endTime":1717.8,"body":"you introduce a security issue?"},{"speaker":"Nick Murison","startTime":1712.28,"endTime":1717.8,"body":"or Why not? If you want to add"},{"speaker":"Nick Murison","startTime":1717.89,"endTime":1722.06,"body":"your you know, your issue"},{"speaker":"Nick Murison","startTime":1717.89,"endTime":1722.06,"body":"tracking system? app? Sure. That"},{"speaker":"Nick Murison","startTime":1722.06,"endTime":1725.27,"body":"sounds fantastic. Thanks. Those"},{"speaker":"Nick Murison","startTime":1722.06,"endTime":1725.27,"body":"things that make it easier for"},{"speaker":"Nick Murison","startTime":1725.27,"endTime":1731.87,"body":"developers to get a handle on"},{"speaker":"Nick Murison","startTime":1725.27,"endTime":1731.87,"body":"security issues early. 
They're"},{"speaker":"Nick Murison","startTime":1731.87,"endTime":1735.83,"body":"becoming more normalized in"},{"speaker":"Nick Murison","startTime":1731.87,"endTime":1735.83,"body":"love, in love the color modern"},{"speaker":"Nick Murison","startTime":1735.83,"endTime":1736.82,"body":"development technologies?"},{"speaker":"Robby Peralta","startTime":1737.39,"endTime":1739.52,"body":"Yeah, that's what"},{"speaker":"Robby Peralta","startTime":1737.39,"endTime":1739.52,"body":"I've been hearing a lot. One of"},{"speaker":"Robby Peralta","startTime":1739.52,"endTime":1742.52,"body":"the common denominators of all"},{"speaker":"Robby Peralta","startTime":1739.52,"endTime":1742.52,"body":"these conversations I've had, is"},{"speaker":"Robby Peralta","startTime":1742.52,"endTime":1746.57,"body":"that put security into their"},{"speaker":"Robby Peralta","startTime":1742.52,"endTime":1746.57,"body":"existing their whatever they're"},{"speaker":"Robby Peralta","startTime":1746.57,"endTime":1749.75,"body":"doing today, put security in"},{"speaker":"Robby Peralta","startTime":1746.57,"endTime":1749.75,"body":"there. And then most least"},{"speaker":"Robby Peralta","startTime":1749.75,"endTime":1752.75,"body":"intrusive way. Exactly. 
If you"},{"speaker":"Robby Peralta","startTime":1749.75,"endTime":1752.75,"body":"want it to work."},{"speaker":"Nick Murison","startTime":1752.78,"endTime":1754.49,"body":"Yeah, absolutely."},{"speaker":"Nick Murison","startTime":1756.02,"endTime":1761.21,"body":"Yeah, I mean, if you try and"},{"speaker":"Nick Murison","startTime":1756.02,"endTime":1761.21,"body":"introduce an entirely separate"},{"speaker":"Nick Murison","startTime":1763.85,"endTime":1769.43,"body":"project flow, for the security"},{"speaker":"Nick Murison","startTime":1763.85,"endTime":1769.43,"body":"stuff, that doesn't work within"},{"speaker":"Nick Murison","startTime":1769.43,"endTime":1771.8,"body":"the confines of how development"},{"speaker":"Nick Murison","startTime":1769.43,"endTime":1771.8,"body":"is working, now, you're not"},{"speaker":"Nick Murison","startTime":1771.8,"endTime":1776.84,"body":"gonna get anywhere. But if you"},{"speaker":"Nick Murison","startTime":1771.8,"endTime":1776.84,"body":"if they've got a continuous"},{"speaker":"Nick Murison","startTime":1776.84,"endTime":1779.6,"body":"integration pipeline where they"},{"speaker":"Nick Murison","startTime":1776.84,"endTime":1779.6,"body":"you know, build the software"},{"speaker":"Nick Murison","startTime":1779.81,"endTime":1783.41,"body":"unit, test the software, and"},{"speaker":"Nick Murison","startTime":1779.81,"endTime":1783.41,"body":"deploy it into a testing"},{"speaker":"Nick Murison","startTime":1783.41,"endTime":1785.54,"body":"environment and do some other"},{"speaker":"Nick Murison","startTime":1783.41,"endTime":1785.54,"body":"testing in there and then deploy"},{"speaker":"Nick Murison","startTime":1785.54,"endTime":1789.02,"body":"to production. 
Use that"},{"speaker":"Nick Murison","startTime":1785.54,"endTime":1789.02,"body":"pipeline, you know, oh, they're"},{"speaker":"Nick Murison","startTime":1789.02,"endTime":1791.03,"body":"building the software and"},{"speaker":"Nick Murison","startTime":1789.02,"endTime":1791.03,"body":"they're running some unit tests."},{"speaker":"Nick Murison","startTime":1791.03,"endTime":1793.58,"body":"Fantastic. Why don't they run"},{"speaker":"Nick Murison","startTime":1791.03,"endTime":1793.58,"body":"some, I don't know static"},{"speaker":"Nick Murison","startTime":1793.58,"endTime":1797.69,"body":"analysis for security issues at"},{"speaker":"Nick Murison","startTime":1793.58,"endTime":1797.69,"body":"the same at the same time. It's"},{"speaker":"Nick Murison","startTime":1797.69,"endTime":1800.75,"body":"just, it's adding some stuff to"},{"speaker":"Nick Murison","startTime":1797.69,"endTime":1800.75,"body":"the pipeline. Now you do have to"},{"speaker":"Nick Murison","startTime":1800.75,"endTime":1806.78,"body":"be careful about does that cause"},{"speaker":"Nick Murison","startTime":1800.75,"endTime":1806.78,"body":"the time to build to increase a"},{"speaker":"Nick Murison","startTime":1806.78,"endTime":1810.53,"body":"lot? Does it introduce a whole"},{"speaker":"Nick Murison","startTime":1806.78,"endTime":1810.53,"body":"bunch of new issues that nobody"},{"speaker":"Nick Murison","startTime":1810.53,"endTime":1813.71,"body":"was prepared to handle? That"},{"speaker":"Nick Murison","startTime":1810.53,"endTime":1813.71,"body":"kind of stuff. So you do have to"},{"speaker":"Nick Murison","startTime":1813.71,"endTime":1817.34,"body":"be careful about it. 
But"},{"speaker":"Nick Murison","startTime":1813.71,"endTime":1817.34,"body":"essentially, if you can do stuff"},{"speaker":"Nick Murison","startTime":1817.34,"endTime":1821.57,"body":"that helps the developers write"},{"speaker":"Nick Murison","startTime":1817.34,"endTime":1821.57,"body":"better code in a way that"},{"speaker":"Nick Murison","startTime":1821.6,"endTime":1824.39,"body":"doesn't slow them down, then"},{"speaker":"Nick Murison","startTime":1821.6,"endTime":1824.39,"body":"they're going to appreciate"},{"speaker":"Nick Murison","startTime":1824.39,"endTime":1824.69,"body":"that."},{"speaker":"Robby Peralta","startTime":1825.41,"endTime":1828.56,"body":"Huh, right. By"},{"speaker":"Robby Peralta","startTime":1825.41,"endTime":1828.56,"body":"the way, I'm trying to figure"},{"speaker":"Robby Peralta","startTime":1828.56,"endTime":1831.68,"body":"out who the best you know, it"},{"speaker":"Robby Peralta","startTime":1828.56,"endTime":1831.68,"body":"could just be that the CISO and"},{"speaker":"Robby Peralta","startTime":1831.68,"endTime":1835.01,"body":"the, the head of development"},{"speaker":"Robby Peralta","startTime":1831.68,"endTime":1835.01,"body":"team need to, you know, drink a"},{"speaker":"Robby Peralta","startTime":1835.01,"endTime":1837.74,"body":"lot of beers together and become"},{"speaker":"Robby Peralta","startTime":1835.01,"endTime":1837.74,"body":"best friends. But who in your"},{"speaker":"Robby Peralta","startTime":1837.74,"endTime":1841.49,"body":"experience has the most focus on"},{"speaker":"Robby Peralta","startTime":1837.74,"endTime":1841.49,"body":"software security? Is it CISOs?"},{"speaker":"Robby Peralta","startTime":1841.49,"endTime":1845.48,"body":"Or is it more like product"},{"speaker":"Robby Peralta","startTime":1841.49,"endTime":1845.48,"body":"directors and CTOs? Are? 
We"},{"speaker":"Robby Peralta","startTime":1845.48,"endTime":1847.85,"body":"laughed earlier about sales"},{"speaker":"Robby Peralta","startTime":1845.48,"endTime":1847.85,"body":"people actually caring now these"},{"speaker":"Robby Peralta","startTime":1847.85,"endTime":1849.65,"body":"days? Yeah, the most."},{"speaker":"Nick Murison","startTime":1850.77,"endTime":1853.38,"body":"I actually, well,"},{"speaker":"Nick Murison","startTime":1850.77,"endTime":1853.38,"body":"a lot of the most immediate"},{"speaker":"Nick Murison","startTime":1853.41,"endTime":1858.27,"body":"caring is from sales. Usually."},{"speaker":"Nick Murison","startTime":1853.41,"endTime":1858.27,"body":"If you've just, you know, if"},{"speaker":"Nick Murison","startTime":1858.27,"endTime":1863.73,"body":"you've just lost a deal, because"},{"speaker":"Nick Murison","startTime":1858.27,"endTime":1863.73,"body":"your competition is able to show"},{"speaker":"Nick Murison","startTime":1863.73,"endTime":1867.39,"body":"that they are they have a better"},{"speaker":"Nick Murison","startTime":1863.73,"endTime":1867.39,"body":"grip on security in the app in"},{"speaker":"Nick Murison","startTime":1867.39,"endTime":1870.45,"body":"their application, or product,"},{"speaker":"Nick Murison","startTime":1867.39,"endTime":1870.45,"body":"or SaaS platform, or whatever it"},{"speaker":"Nick Murison","startTime":1870.45,"endTime":1872.97,"body":"is that you're selling. You"},{"speaker":"Nick Murison","startTime":1870.45,"endTime":1872.97,"body":"know, if your competition can"},{"speaker":"Nick Murison","startTime":1872.97,"endTime":1877.35,"body":"show a better security story"},{"speaker":"Nick Murison","startTime":1872.97,"endTime":1877.35,"body":"than you can. That's, that's"},{"speaker":"Nick Murison","startTime":1877.35,"endTime":1881.64,"body":"really painful for sales. 
And"},{"speaker":"Nick Murison","startTime":1877.35,"endTime":1881.64,"body":"they're gonna go probably yell"},{"speaker":"Nick Murison","startTime":1881.64,"endTime":1883.95,"body":"at product management and say,"},{"speaker":"Nick Murison","startTime":1881.64,"endTime":1883.95,"body":"why isn't? Why don't we have a"},{"speaker":"Nick Murison","startTime":1883.95,"endTime":1884.49,"body":"good story?"},{"speaker":"Robby Peralta","startTime":1885.66,"endTime":1887.34,"body":"As a sales guy, I"},{"speaker":"Robby Peralta","startTime":1885.66,"endTime":1887.34,"body":"can't blame that on the fact"},{"speaker":"Robby Peralta","startTime":1887.34,"endTime":1891.99,"body":"that they're trying to cover"},{"speaker":"Robby Peralta","startTime":1887.34,"endTime":1891.99,"body":"their a$$. I'm pretty sure they"},{"speaker":"Robby Peralta","startTime":1891.99,"endTime":1893.91,"body":"want to make sure that every"},{"speaker":"Robby Peralta","startTime":1891.99,"endTime":1893.91,"body":"knows wasn't their fault."},{"speaker":"Nick Murison","startTime":1894.09,"endTime":1897.27,"body":"Exactly. 
Well, but"},{"speaker":"Nick Murison","startTime":1894.09,"endTime":1897.27,"body":"I mean, yeah, and that's, you"},{"speaker":"Nick Murison","startTime":1897.27,"endTime":1899.82,"body":"know, sometimes that's the case,"},{"speaker":"Nick Murison","startTime":1897.27,"endTime":1899.82,"body":"but I have spoken to customers"},{"speaker":"Nick Murison","startTime":1899.82,"endTime":1904.23,"body":"who, you know, they have had"},{"speaker":"Nick Murison","startTime":1899.82,"endTime":1904.23,"body":"customers say, we're not going"},{"speaker":"Nick Murison","startTime":1904.23,"endTime":1908.49,"body":"to go with you, because you"},{"speaker":"Nick Murison","startTime":1904.23,"endTime":1908.49,"body":"didn't tell a good as good as it"},{"speaker":"Nick Murison","startTime":1908.49,"endTime":1911.31,"body":"could be story as as your"},{"speaker":"Nick Murison","startTime":1908.49,"endTime":1911.31,"body":"competition. And that's always"},{"speaker":"Nick Murison","startTime":1911.31,"endTime":1915.39,"body":"usually around compliance, you"},{"speaker":"Nick Murison","startTime":1911.31,"endTime":1915.39,"body":"know, do you are you certified"},{"speaker":"Nick Murison","startTime":1915.39,"endTime":1920.7,"body":"against ISO 27001. 
And the"},{"speaker":"Nick Murison","startTime":1915.39,"endTime":1920.7,"body":"vendor that is gets the deal."},{"speaker":"Nick Murison","startTime":1921.93,"endTime":1927.51,"body":"The thing to look, the thing"},{"speaker":"Nick Murison","startTime":1921.93,"endTime":1927.51,"body":"that you need to look out for"},{"speaker":"Nick Murison","startTime":1927.51,"endTime":1930.6,"body":"need to be aware of, is that"},{"speaker":"Nick Murison","startTime":1927.51,"endTime":1930.6,"body":"when we talk about security and"},{"speaker":"Nick Murison","startTime":1930.6,"endTime":1936.27,"body":"compliance, very little of it,"},{"speaker":"Nick Murison","startTime":1930.6,"endTime":1936.27,"body":"specifically addresses software"},{"speaker":"Nick Murison","startTime":1936.27,"endTime":1941.22,"body":"security. So if you look at ISO"},{"speaker":"Nick Murison","startTime":1936.27,"endTime":1941.22,"body":"27001 as a, you know, it's an"},{"speaker":"Nick Murison","startTime":1941.22,"endTime":1945.96,"body":"international standard, it's"},{"speaker":"Nick Murison","startTime":1941.22,"endTime":1945.96,"body":"been around for 20 years, ish."},{"speaker":"Nick Murison","startTime":1947.4,"endTime":1953.16,"body":"And everyone, all the big"},{"speaker":"Nick Murison","startTime":1947.4,"endTime":1953.16,"body":"corporates have it. And a lot of"},{"speaker":"Nick Murison","startTime":1953.16,"endTime":1955.08,"body":"corporates now expect,"},{"speaker":"Nick Murison","startTime":1953.16,"endTime":1955.08,"body":"especially in Europe, they"},{"speaker":"Nick Murison","startTime":1955.08,"endTime":1958.26,"body":"expect the vendors to have it,"},{"speaker":"Nick Murison","startTime":1955.08,"endTime":1958.26,"body":"to be certified against it, and"},{"speaker":"Nick Murison","startTime":1958.26,"endTime":1963.66,"body":"so on. 
It doesn't say a lot about"},{"speaker":"Nick Murison","startTime":1958.26,"endTime":1963.66,"body":"software. It does say, you"},{"speaker":"Nick Murison","startTime":1963.66,"endTime":1966.93,"body":"know, put put security in"},{"speaker":"Nick Murison","startTime":1963.66,"endTime":1966.93,"body":"development processes and so on."},{"speaker":"Nick Murison","startTime":1967.77,"endTime":1968.91,"body":"But it doesn't say much more"},{"speaker":"Nick Murison","startTime":1967.77,"endTime":1968.91,"body":"than that."},{"speaker":"Nick Murison","startTime":1970.23,"endTime":1972.75,"body":"PCI, you know, if you're dealing"},{"speaker":"Nick Murison","startTime":1970.23,"endTime":1972.75,"body":"with Payment Card Industry"},{"speaker":"Nick Murison","startTime":1972.75,"endTime":1973.11,"body":"stuff,"},{"speaker":"Nick Murison","startTime":1974.79,"endTime":1978.33,"body":"says a little bit more, but not"},{"speaker":"Nick Murison","startTime":1974.79,"endTime":1978.33,"body":"a whole lot more. And so a lot"},{"speaker":"Nick Murison","startTime":1978.33,"endTime":1980.49,"body":"of the standards are kind of"},{"speaker":"Nick Murison","startTime":1978.33,"endTime":1980.49,"body":"wider, that, you know, they're"},{"speaker":"Nick Murison","startTime":1980.49,"endTime":1982.98,"body":"looking at IT security,"},{"speaker":"Nick Murison","startTime":1980.49,"endTime":1982.98,"body":"information security as a whole,"},{"speaker":"Nick Murison","startTime":1983.28,"endTime":1987.87,"body":"they're not looking at software"},{"speaker":"Nick Murison","startTime":1983.28,"endTime":1987.87,"body":"security. 
So you know, I've,"},{"speaker":"Nick Murison","startTime":1988.2,"endTime":1991.38,"body":"I've been in companies where,"},{"speaker":"Nick Murison","startTime":1988.2,"endTime":1991.38,"body":"you know, I got flown in at"},{"speaker":"Nick Murison","startTime":1991.38,"endTime":1994.14,"body":"short notice to to help them"},{"speaker":"Nick Murison","startTime":1991.38,"endTime":1994.14,"body":"because they got hacked, and you"},{"speaker":"Nick Murison","startTime":1994.14,"endTime":1997.35,"body":"know, the the head of IT"},{"speaker":"Nick Murison","startTime":1994.14,"endTime":1997.35,"body":"security sitting there in his"},{"speaker":"Nick Murison","startTime":1997.35,"endTime":2000.53,"body":"office, and you know, not having"},{"speaker":"Nick Murison","startTime":1997.35,"endTime":2000.53,"body":"a day and behind them on the"},{"speaker":"Nick Murison","startTime":2000.53,"endTime":2007.01,"body":"wall, is their ISO 27001"},{"speaker":"Nick Murison","startTime":2000.53,"endTime":2007.01,"body":"certificate framed. And that's,"},{"speaker":"Nick Murison","startTime":2007.1,"endTime":2010.91,"body":"you know, as long as say that I"},{"speaker":"Nick Murison","startTime":2007.1,"endTime":2010.91,"body":"said, then, you know, isn't a"},{"speaker":"Nick Murison","startTime":2010.91,"endTime":2014.66,"body":"good standard doesn't, you know,"},{"speaker":"Nick Murison","startTime":2010.91,"endTime":2014.66,"body":"prove a point. But it doesn't"},{"speaker":"Nick Murison","startTime":2014.66,"endTime":2017.12,"body":"mean that you're infallible, it"},{"speaker":"Nick Murison","startTime":2014.66,"endTime":2017.12,"body":"doesn't mean that you're 100%"},{"speaker":"Nick Murison","startTime":2017.12,"endTime":2020.6,"body":"secure. 
And if some and if your"},{"speaker":"Nick Murison","startTime":2017.12,"endTime":2020.6,"body":"focus has been on, let's say,"},{"speaker":"Nick Murison","startTime":2020.6,"endTime":2023.06,"body":"infrastructure security for the"},{"speaker":"Nick Murison","startTime":2020.6,"endTime":2023.06,"body":"past 20 years, and not on"},{"speaker":"Nick Murison","startTime":2023.06,"endTime":2029.42,"body":"software security, I think,"},{"speaker":"Nick Murison","startTime":2023.06,"endTime":2029.42,"body":"moving forward, a lot of the"},{"speaker":"Nick Murison","startTime":2029.42,"endTime":2034.85,"body":"issues that are going to be kind"},{"speaker":"Nick Murison","startTime":2029.42,"endTime":2034.85,"body":"of the big sort of page turners,"},{"speaker":"Nick Murison","startTime":2034.85,"endTime":2036.98,"body":"so to speak, are going to be"},{"speaker":"Nick Murison","startTime":2034.85,"endTime":2036.98,"body":"more on the software side than"},{"speaker":"Nick Murison","startTime":2036.98,"endTime":2042.11,"body":"on the infrastructure side,"},{"speaker":"Nick Murison","startTime":2036.98,"endTime":2042.11,"body":"especially as we kind of we've"},{"speaker":"Nick Murison","startTime":2042.11,"endTime":2045.62,"body":"all become intimately familiar"},{"speaker":"Nick Murison","startTime":2042.11,"endTime":2045.62,"body":"with so many cloud-based"},{"speaker":"Nick Murison","startTime":2045.62,"endTime":2052.22,"body":"solutions over the past six"},{"speaker":"Nick Murison","startTime":2045.62,"endTime":2052.22,"body":"months. 
And so the concept of,"},{"speaker":"Nick Murison","startTime":2053.06,"endTime":2057.8,"body":"you know, having a having a nice"},{"speaker":"Nick Murison","startTime":2053.06,"endTime":2057.8,"body":"firewall, and then an internal"},{"speaker":"Nick Murison","startTime":2057.8,"endTime":2060.8,"body":"office network, and, and that"},{"speaker":"Nick Murison","startTime":2057.8,"endTime":2060.8,"body":"kind of stuff that doesn't exist"},{"speaker":"Nick Murison","startTime":2060.86,"endTime":2062.75,"body":"for a lot of companies. And for"},{"speaker":"Nick Murison","startTime":2060.86,"endTime":2062.75,"body":"a lot of customers anymore,"},{"speaker":"Nick Murison","startTime":2062.75,"endTime":2066.14,"body":"it's, you know, I have a laptop,"},{"speaker":"Nick Murison","startTime":2062.75,"endTime":2066.14,"body":"I can be anywhere, and I'm"},{"speaker":"Nick Murison","startTime":2066.14,"endTime":2069.89,"body":"talking a bunch of different"},{"speaker":"Nick Murison","startTime":2066.14,"endTime":2069.89,"body":"cloud based services. It's not,"},{"speaker":"Nick Murison","startTime":2069.92,"endTime":2074.48,"body":"it's not within a nice kind of"},{"speaker":"Nick Murison","startTime":2069.92,"endTime":2074.48,"body":"secure network perimeter"},{"speaker":"Nick Murison","startTime":2074.48,"endTime":2079.28,"body":"anymore. 
And so, you know, as"},{"speaker":"Nick Murison","startTime":2074.48,"endTime":2079.28,"body":"more things get exposed directly"},{"speaker":"Nick Murison","startTime":2079.28,"endTime":2083.03,"body":"on the internet, as more"},{"speaker":"Nick Murison","startTime":2079.28,"endTime":2083.03,"body":"software gets exposed to it on"},{"speaker":"Nick Murison","startTime":2083.03,"endTime":2087.5,"body":"the internet, it's gonna be some"},{"speaker":"Nick Murison","startTime":2083.03,"endTime":2087.5,"body":"people are gonna have rude"},{"speaker":"Nick Murison","startTime":2087.5,"endTime":2090.23,"body":"awakenings with regards to Oh,"},{"speaker":"Nick Murison","startTime":2087.5,"endTime":2090.23,"body":"but I thought we had a firewall"},{"speaker":"Nick Murison","startTime":2090.29,"endTime":2092.9,"body":"or the firewall doesn't solve"},{"speaker":"Nick Murison","startTime":2090.29,"endTime":2092.9,"body":"doesn't solve all your security"},{"speaker":"Nick Murison","startTime":2092.9,"endTime":2095.66,"body":"problems. And by the way, your"},{"speaker":"Nick Murison","startTime":2092.9,"endTime":2095.66,"body":"app is kind of sitting out there"},{"speaker":"Nick Murison","startTime":2095.66,"endTime":2099.98,"body":"in the cloud now. And it's not"},{"speaker":"Nick Murison","startTime":2095.66,"endTime":2099.98,"body":"hidden away in a on an internal"},{"speaker":"Nick Murison","startTime":2099.98,"endTime":2100.61,"body":"work anymore?"},{"speaker":"Robby Peralta","startTime":2101.41,"endTime":2104.29,"body":"Hmm. Well,"},{"speaker":"Robby Peralta","startTime":2101.41,"endTime":2104.29,"body":"interesting. 
It sounds like is"},{"speaker":"Robby Peralta","startTime":2104.29,"endTime":2106.87,"body":"it true to assume that like, you"},{"speaker":"Robby Peralta","startTime":2104.29,"endTime":2106.87,"body":"know, the larger, larger the"},{"speaker":"Robby Peralta","startTime":2106.87,"endTime":2109.03,"body":"company you are, the more likely"},{"speaker":"Robby Peralta","startTime":2106.87,"endTime":2109.03,"body":"you have people that are"},{"speaker":"Robby Peralta","startTime":2109.03,"endTime":2111.91,"body":"dedicated to care about your"},{"speaker":"Robby Peralta","startTime":2109.03,"endTime":2111.91,"body":"software security. But the"},{"speaker":"Robby Peralta","startTime":2111.91,"endTime":2113.92,"body":"smaller you are, then it's"},{"speaker":"Robby Peralta","startTime":2111.91,"endTime":2113.92,"body":"really dependent on the, you"},{"speaker":"Robby Peralta","startTime":2113.92,"endTime":2116.23,"body":"know, the, whoever cares about"},{"speaker":"Robby Peralta","startTime":2113.92,"endTime":2116.23,"body":"security, and whoever cares"},{"speaker":"Robby Peralta","startTime":2116.23,"endTime":2118.3,"body":"about sales, and whoever cares"},{"speaker":"Robby Peralta","startTime":2116.23,"endTime":2118.3,"body":"about development to actually"},{"speaker":"Robby Peralta","startTime":2118.3,"endTime":2120.25,"body":"have like a close relationship?"},{"speaker":"Nick Murison","startTime":2121.03,"endTime":2122.62,"body":"Yeah, I think I"},{"speaker":"Nick Murison","startTime":2121.03,"endTime":2122.62,"body":"think that's probably true. 
I"},{"speaker":"Nick Murison","startTime":2122.62,"endTime":2125.26,"body":"mean, if you're a large"},{"speaker":"Nick Murison","startTime":2122.62,"endTime":2125.26,"body":"organization and you're"},{"speaker":"Nick Murison","startTime":2125.26,"endTime":2127.84,"body":"regulated, then you probably"},{"speaker":"Nick Murison","startTime":2125.26,"endTime":2127.84,"body":"have a dedicated team."},{"speaker":"Nick Murison","startTime":2130.27,"endTime":2130.93,"body":"And"},{"speaker":"Nick Murison","startTime":2132.97,"endTime":2135.79,"body":"just because you have you have a"},{"speaker":"Nick Murison","startTime":2132.97,"endTime":2135.79,"body":"certain amount of compliance"},{"speaker":"Nick Murison","startTime":2135.79,"endTime":2138.49,"body":"work, you've got to get done."},{"speaker":"Nick Murison","startTime":2135.79,"endTime":2138.49,"body":"And so you've got to have some,"},{"speaker":"Nick Murison","startTime":2138.79,"endTime":2143.14,"body":"some person power behind it. And"},{"speaker":"Nick Murison","startTime":2138.79,"endTime":2143.14,"body":"smaller companies, you they're"},{"speaker":"Nick Murison","startTime":2143.14,"endTime":2146.47,"body":"probably not going to have even"},{"speaker":"Nick Murison","startTime":2143.14,"endTime":2146.47,"body":"a CISO, 
you know, they might"},{"speaker":"Nick Murison","startTime":2146.47,"endTime":2147.4,"body":"have Yeah, that's a"},{"speaker":"Unknown","startTime":2147.43,"endTime":2147.94,"body":"great point."},{"speaker":"Nick Murison","startTime":2148.6,"endTime":2150.25,"body":"Yeah, they're,"},{"speaker":"Nick Murison","startTime":2148.6,"endTime":2150.25,"body":"they're probably going to end up"},{"speaker":"Nick Murison","startTime":2150.25,"endTime":2154.45,"body":"having like a couple of guys and"},{"speaker":"Nick Murison","startTime":2150.25,"endTime":2154.45,"body":"gals sitting somewhere in the"},{"speaker":"Nick Murison","startTime":2154.45,"endTime":2156.7,"body":"organization, who might be"},{"speaker":"Nick Murison","startTime":2154.45,"endTime":2156.7,"body":"developers, they might be"},{"speaker":"Nick Murison","startTime":2156.7,"endTime":2161.05,"body":"architects, or a combination of"},{"speaker":"Nick Murison","startTime":2156.7,"endTime":2161.05,"body":"a variety of different roles"},{"speaker":"Nick Murison","startTime":2161.05,"endTime":2163.75,"body":"going, they're asking the right"},{"speaker":"Nick Murison","startTime":2161.05,"endTime":2163.75,"body":"questions, they're going well,"},{"speaker":"Nick Murison","startTime":2164.08,"endTime":2165.19,"body":"what are we doing for security?"},{"speaker":"Robby Peralta","startTime":2165.61,"endTime":2167.56,"body":"Somebody is going"},{"speaker":"Robby Peralta","startTime":2165.61,"endTime":2167.56,"body":"to do this. 
Okay, guys, let's do"},{"speaker":"Robby Peralta","startTime":2167.56,"endTime":2167.71,"body":"it."},{"speaker":"Nick Murison","startTime":2168.46,"endTime":2170.68,"body":"I mean, it might"},{"speaker":"Nick Murison","startTime":2168.46,"endTime":2170.68,"body":"just be, you know, it might just"},{"speaker":"Nick Murison","startTime":2170.68,"endTime":2173.35,"body":"stop, there might just be a case"},{"speaker":"Nick Murison","startTime":2170.68,"endTime":2173.35,"body":"of asking the question and doing"},{"speaker":"Nick Murison","startTime":2173.35,"endTime":2177.25,"body":"a couple of things. But ideally,"},{"speaker":"Nick Murison","startTime":2173.35,"endTime":2177.25,"body":"what management should be doing"},{"speaker":"Nick Murison","startTime":2177.25,"endTime":2180.82,"body":"is saying, Okay, well, of"},{"speaker":"Nick Murison","startTime":2177.25,"endTime":2180.82,"body":"course, we need to take this"},{"speaker":"Nick Murison","startTime":2180.82,"endTime":2185.74,"body":"seriously. But again, you need"},{"speaker":"Nick Murison","startTime":2180.82,"endTime":2185.74,"body":"that driver, you need some sort"},{"speaker":"Nick Murison","startTime":2185.74,"endTime":2188.44,"body":"of driver, and which is why you"},{"speaker":"Nick Murison","startTime":2185.74,"endTime":2188.44,"body":"know, sales are actually a good"},{"speaker":"Nick Murison","startTime":2188.44,"endTime":2191.41,"body":"driver. Because, you know, if"},{"speaker":"Nick Murison","startTime":2188.44,"endTime":2191.41,"body":"you're, if you're losing deals,"},{"speaker":"Nick Murison","startTime":2192.13,"endTime":2194.53,"body":"because you don't have a good"},{"speaker":"Nick Murison","startTime":2192.13,"endTime":2194.53,"body":"security story, then that's a"},{"speaker":"Nick Murison","startTime":2194.53,"endTime":2199.81,"body":"big incentive to do something"},{"speaker":"Nick Murison","startTime":2194.53,"endTime":2199.81,"body":"about it. 
If you're, if you have"},{"speaker":"Nick Murison","startTime":2199.84,"endTime":2203.17,"body":"regulatory compliance needs,"},{"speaker":"Nick Murison","startTime":2199.84,"endTime":2203.17,"body":"then that's that trumps"},{"speaker":"Nick Murison","startTime":2203.17,"endTime":2206.95,"body":"everything that's, you know, a"},{"speaker":"Nick Murison","startTime":2203.17,"endTime":2206.95,"body":"massive incentive to get things"},{"speaker":"Nick Murison","startTime":2206.95,"endTime":2211.63,"body":"right. But if you don't have one"},{"speaker":"Nick Murison","startTime":2206.95,"endTime":2211.63,"body":"of those, then you're kind of,"},{"speaker":"Nick Murison","startTime":2211.75,"endTime":2214.96,"body":"yeah, you're kind of in that"},{"speaker":"Nick Murison","startTime":2211.75,"endTime":2214.96,"body":"space of, if someone cares about"},{"speaker":"Nick Murison","startTime":2214.96,"endTime":2219.7,"body":"it, then then nurture that,"},{"speaker":"Nick Murison","startTime":2214.96,"endTime":2219.7,"body":"because it's going to give you a"},{"speaker":"Nick Murison","startTime":2219.7,"endTime":2223.6,"body":"lot return on investment, to"},{"speaker":"Nick Murison","startTime":2219.7,"endTime":2223.6,"body":"raise those people up and make"},{"speaker":"Nick Murison","startTime":2223.6,"endTime":2224.35,"body":"them champions."},{"speaker":"Robby Peralta","startTime":2225.25,"endTime":2226.69,"body":"Hmm. Hey,"},{"speaker":"Robby Peralta","startTime":2228.01,"endTime":2230.47,"body":"that crystal ball of yours, you"},{"speaker":"Robby Peralta","startTime":2228.01,"endTime":2230.47,"body":"got to look into it and tell me"},{"speaker":"Robby Peralta","startTime":2230.47,"endTime":2232.81,"body":"what what do you expect from the"},{"speaker":"Robby Peralta","startTime":2230.47,"endTime":2232.81,"body":"space moving forward? 
Because it"},{"speaker":"Robby Peralta","startTime":2232.81,"endTime":2235.75,"body":"went really quickly the past one"},{"speaker":"Robby Peralta","startTime":2232.81,"endTime":2235.75,"body":"to two years?"},{"speaker":"Nick Murison","startTime":2236.2,"endTime":2239.53,"body":"I yeah, I don't"},{"speaker":"Nick Murison","startTime":2236.2,"endTime":2239.53,"body":"know. I don't want to predict"},{"speaker":"Nick Murison","startTime":2239.53,"endTime":2248.5,"body":"anything. It's, it's going to be"},{"speaker":"Nick Murison","startTime":2239.53,"endTime":2248.5,"body":"more DevOps. There's going to be"},{"speaker":"Nick Murison","startTime":2248.98,"endTime":2255.19,"body":"more various phrases based on"},{"speaker":"Nick Murison","startTime":2248.98,"endTime":2255.19,"body":"DevOps that will amaze us. And"},{"speaker":"Nick Murison","startTime":2255.88,"endTime":2257.83,"body":"we'll have to decode them,"},{"speaker":"Nick Murison","startTime":2255.88,"endTime":2257.83,"body":"somehow, we'll have to have a"},{"speaker":"Nick Murison","startTime":2257.83,"endTime":2262.21,"body":"dictionary at some point. I"},{"speaker":"Nick Murison","startTime":2257.83,"endTime":2262.21,"body":"think the threat landscape is"},{"speaker":"Nick Murison","startTime":2262.21,"endTime":2267.37,"body":"going to change a bit. So Europe"},{"speaker":"Nick Murison","startTime":2262.21,"endTime":2267.37,"body":"has already had a had a good"},{"speaker":"Nick Murison","startTime":2268.54,"endTime":2274.36,"body":"introduction to stricter privacy"},{"speaker":"Nick Murison","startTime":2268.54,"endTime":2274.36,"body":"regulations. And I bring that up"},{"speaker":"Nick Murison","startTime":2274.36,"endTime":2280.06,"body":"as a threat. It, I don't mean it"},{"speaker":"Nick Murison","startTime":2274.36,"endTime":2280.06,"body":"as a threat. You know, privacy"},{"speaker":"Nick Murison","startTime":2280.06,"endTime":2284.65,"body":"is a good thing. 
But from a,"},{"speaker":"Nick Murison","startTime":2280.06,"endTime":2284.65,"body":"what do we need to deal with as"},{"speaker":"Nick Murison","startTime":2284.65,"endTime":2289.51,"body":"a company? Well, GDPR is a"},{"speaker":"Nick Murison","startTime":2284.65,"endTime":2289.51,"body":"pretty big stick to beat a"},{"speaker":"Nick Murison","startTime":2289.51,"endTime":2292.48,"body":"company with, you know, if"},{"speaker":"Nick Murison","startTime":2289.51,"endTime":2292.48,"body":"you're not doing privacy"},{"speaker":"Nick Murison","startTime":2292.48,"endTime":2297.73,"body":"correctly in Europe, then you're"},{"speaker":"Nick Murison","startTime":2292.48,"endTime":2297.73,"body":"gonna get fined, or potentially"},{"speaker":"Nick Murison","startTime":2297.73,"endTime":2301.12,"body":"you might get fined. And I"},{"speaker":"Nick Murison","startTime":2297.73,"endTime":2301.12,"body":"think, you know, the regulations"},{"speaker":"Nick Murison","startTime":2301.15,"endTime":2306.22,"body":"in Asia and in the US are moving"},{"speaker":"Nick Murison","startTime":2301.15,"endTime":2306.22,"body":"the same direction. So the the"},{"speaker":"Nick Murison","startTime":2306.22,"endTime":2311.71,"body":"kind of the, your obligations as"},{"speaker":"Nick Murison","startTime":2306.22,"endTime":2311.71,"body":"a company on a previous"},{"speaker":"Nick Murison","startTime":2311.71,"endTime":2314.56,"body":"regulations are going to become"},{"speaker":"Nick Murison","startTime":2311.71,"endTime":2314.56,"body":"a bigger headache moving"},{"speaker":"Nick Murison","startTime":2314.56,"endTime":2315.37,"body":"forward, I think."},{"speaker":"Nick Murison","startTime":2316.75,"endTime":2318.7,"body":"So get it right now. 
Because"},{"speaker":"Robby Peralta","startTime":2318.94,"endTime":2321.34,"body":"I also heard"},{"speaker":"Robby Peralta","startTime":2318.94,"endTime":2321.34,"body":"somebody say that they thought"},{"speaker":"Robby Peralta","startTime":2321.34,"endTime":2324.25,"body":"that GDPR was actually one of"},{"speaker":"Robby Peralta","startTime":2321.34,"endTime":2324.25,"body":"the biggest pushes to actually"},{"speaker":"Robby Peralta","startTime":2324.25,"endTime":2326.35,"body":"people start caring about these"},{"speaker":"Robby Peralta","startTime":2324.25,"endTime":2326.35,"body":"sort of things, like, you know,"},{"speaker":"Robby Peralta","startTime":2326.35,"endTime":2330.01,"body":"security in the development"},{"speaker":"Robby Peralta","startTime":2326.35,"endTime":2330.01,"body":"process, because it's like GDPR,"},{"speaker":"Robby Peralta","startTime":2330.01,"endTime":2333.19,"body":"didn't really hit the security"},{"speaker":"Robby Peralta","startTime":2330.01,"endTime":2333.19,"body":"team as the same way as it hit"},{"speaker":"Robby Peralta","startTime":2333.19,"endTime":2336.46,"body":"the, you know, the development"},{"speaker":"Robby Peralta","startTime":2333.19,"endTime":2336.46,"body":"of the sales guys and sales"},{"speaker":"Robby Peralta","startTime":2336.46,"endTime":2339.16,"body":"teams in the way you're handling"},{"speaker":"Robby Peralta","startTime":2336.46,"endTime":2339.16,"body":"people's data and stuff. 
Yes,"},{"speaker":"Robby Peralta","startTime":2339.16,"endTime":2339.79,"body":"you read that?"},{"speaker":"Nick Murison","startTime":2339.82,"endTime":2344.53,"body":"Yeah, I would"},{"speaker":"Nick Murison","startTime":2339.82,"endTime":2344.53,"body":"actually, I mean, I, I actually,"},{"speaker":"Nick Murison","startTime":2344.53,"endTime":2348.46,"body":"I participated in this, this"},{"speaker":"Nick Murison","startTime":2344.53,"endTime":2348.46,"body":"workshop in Stockholm a few"},{"speaker":"Nick Murison","startTime":2348.46,"endTime":2352.12,"body":"years ago. And it was it was"},{"speaker":"Nick Murison","startTime":2348.46,"endTime":2352.12,"body":"actually it was the year of"},{"speaker":"Nick Murison","startTime":2352.12,"endTime":2356.68,"body":"GDPR. So I think GDPR went live,"},{"speaker":"Nick Murison","startTime":2352.12,"endTime":2356.68,"body":"like"},{"speaker":"Robby Peralta","startTime":2357.61,"endTime":2358.87,"body":"18 to 70. Now,"},{"speaker":"Nick Murison","startTime":2358.9,"endTime":2361.24,"body":"yeah, somewhere,"},{"speaker":"Nick Murison","startTime":2358.9,"endTime":2361.24,"body":"and it was about a month before"},{"speaker":"Nick Murison","startTime":2361.24,"endTime":2366.7,"body":"it went live. 
And I was lucky"},{"speaker":"Nick Murison","startTime":2361.24,"endTime":2366.7,"body":"enough to have quite a few"},{"speaker":"Nick Murison","startTime":2366.7,"endTime":2369.64,"body":"people who work in finance, who"},{"speaker":"Nick Murison","startTime":2366.7,"endTime":2369.64,"body":"were basically the security"},{"speaker":"Nick Murison","startTime":2369.64,"endTime":2372.22,"body":"heads in a bunch of different"},{"speaker":"Nick Murison","startTime":2369.64,"endTime":2372.22,"body":"finance organizations in"},{"speaker":"Nick Murison","startTime":2372.22,"endTime":2378.01,"body":"Scandinavia, in a room together."},{"speaker":"Nick Murison","startTime":2372.22,"endTime":2378.01,"body":"And I was looking for a talking"},{"speaker":"Nick Murison","startTime":2378.01,"endTime":2380.68,"body":"point, we need to have a debate."},{"speaker":"Nick Murison","startTime":2378.01,"endTime":2380.68,"body":"And so I thought, well, GDPR is"},{"speaker":"Nick Murison","startTime":2380.68,"endTime":2384.16,"body":"fantastic, because, you know,"},{"speaker":"Nick Murison","startTime":2380.68,"endTime":2384.16,"body":"it's it's it's relevant, it's"},{"speaker":"Nick Murison","startTime":2384.16,"endTime":2389.29,"body":"coming up. And surely, they all"},{"speaker":"Nick Murison","startTime":2384.16,"endTime":2389.29,"body":"you know, they would all really"},{"speaker":"Nick Murison","startTime":2389.29,"endTime":2393.07,"body":"enjoy the opportunity to have a"},{"speaker":"Nick Murison","startTime":2389.29,"endTime":2393.07,"body":"bit of a moan about how it's how"},{"speaker":"Nick Murison","startTime":2393.07,"endTime":2397.12,"body":"it's made life hard. 
And so I"},{"speaker":"Nick Murison","startTime":2393.07,"endTime":2397.12,"body":"sort of, I went in with that"},{"speaker":"Nick Murison","startTime":2397.12,"endTime":2403.57,"body":"expectation and I started off"},{"speaker":"Nick Murison","startTime":2397.12,"endTime":2403.57,"body":"and said, you know, So GDPR Wow,"},{"speaker":"Nick Murison","startTime":2403.57,"endTime":2407.23,"body":"what a headache. Right? And the"},{"speaker":"Nick Murison","startTime":2403.57,"endTime":2407.23,"body":"response I got was, I totally"},{"speaker":"Nick Murison","startTime":2407.23,"endTime":2409.87,"body":"didn't expect it. And in"},{"speaker":"Nick Murison","startTime":2407.23,"endTime":2409.87,"body":"hindsight, I should have"},{"speaker":"Nick Murison","startTime":2409.87,"endTime":2415.06,"body":"realized that I was expecting"},{"speaker":"Nick Murison","startTime":2409.87,"endTime":2415.06,"body":"the wrong thing. But actually,"},{"speaker":"Nick Murison","startTime":2415.06,"endTime":2418.42,"body":"the reaction I got from the"},{"speaker":"Nick Murison","startTime":2415.06,"endTime":2418.42,"body":"security people was, no, we love"},{"speaker":"Nick Murison","startTime":2418.42,"endTime":2423.52,"body":"it. It's the first time we've"},{"speaker":"Nick Murison","startTime":2418.42,"endTime":2423.52,"body":"got budget in years. Because"},{"speaker":"Nick Murison","startTime":2423.79,"endTime":2428.08,"body":"it's a problem. It's, and it's"},{"speaker":"Nick Murison","startTime":2423.79,"endTime":2428.08,"body":"coming up quickly. And the"},{"speaker":"Nick Murison","startTime":2428.08,"endTime":2431.59,"body":"organization's very concerned"},{"speaker":"Nick Murison","startTime":2428.08,"endTime":2431.59,"body":"about it. 
And, you know, they're"},{"speaker":"Nick Murison","startTime":2431.59,"endTime":2433.78,"body":"thinking, Okay, well, if, you"},{"speaker":"Nick Murison","startTime":2431.59,"endTime":2433.78,"body":"know, who do we throw money at"},{"speaker":"Nick Murison","startTime":2433.81,"endTime":2434.92,"body":"to make this thing? This is"},{"speaker":"Robby Peralta","startTime":2434.92,"endTime":2435.73,"body":"our chance. Yes."},{"speaker":"Nick Murison","startTime":2436.66,"endTime":2440.26,"body":"So. So yeah, I"},{"speaker":"Nick Murison","startTime":2436.66,"endTime":2440.26,"body":"agree. GDPR, I think is actually"},{"speaker":"Nick Murison","startTime":2440.71,"endTime":2443.74,"body":"has been a really good thing"},{"speaker":"Nick Murison","startTime":2440.71,"endTime":2443.74,"body":"both both as a consumer, I think"},{"speaker":"Nick Murison","startTime":2443.74,"endTime":2447.97,"body":"it's been fantastic. But also"},{"speaker":"Nick Murison","startTime":2443.74,"endTime":2447.97,"body":"for organizations to, to realize"},{"speaker":"Nick Murison","startTime":2447.97,"endTime":2453.55,"body":"that, you know, you from a, in"},{"speaker":"Nick Murison","startTime":2447.97,"endTime":2453.55,"body":"particular, from a software"},{"speaker":"Nick Murison","startTime":2453.55,"endTime":2456.58,"body":"security point of view, you"},{"speaker":"Nick Murison","startTime":2453.55,"endTime":2456.58,"body":"actually need to have the right,"},{"speaker":"Nick Murison","startTime":2458.23,"endTime":2462.28,"body":"the right controls in place in"},{"speaker":"Nick Murison","startTime":2458.23,"endTime":2462.28,"body":"your software, to prevent"},{"speaker":"Nick Murison","startTime":2463.99,"endTime":2466.78,"body":"customer data leaking out. 
And"},{"speaker":"Nick Murison","startTime":2463.99,"endTime":2466.78,"body":"you actually need to be able to"},{"speaker":"Nick Murison","startTime":2466.78,"endTime":2472.24,"body":"document that you've taken a"},{"speaker":"Nick Murison","startTime":2466.78,"endTime":2472.24,"body":"risk based approach to this. And"},{"speaker":"Nick Murison","startTime":2472.24,"endTime":2474.79,"body":"that sort of drives certain"},{"speaker":"Nick Murison","startTime":2472.24,"endTime":2474.79,"body":"behaviors by the development of"},{"speaker":"Nick Murison","startTime":2474.79,"endTime":2477.16,"body":"drives that okay, early on, we"},{"speaker":"Nick Murison","startTime":2474.79,"endTime":2477.16,"body":"need to actually, I don't know,"},{"speaker":"Nick Murison","startTime":2477.16,"endTime":2479.8,"body":"maybe do some threat modeling,"},{"speaker":"Nick Murison","startTime":2477.16,"endTime":2479.8,"body":"or some other kind of design"},{"speaker":"Nick Murison","startTime":2479.8,"endTime":2485.02,"body":"level review, to make sure that"},{"speaker":"Nick Murison","startTime":2479.8,"endTime":2485.02,"body":"we're catching these risks."},{"speaker":"Robby Peralta","startTime":2487.3,"endTime":2489.16,"body":"Hashtag secure by"},{"speaker":"Robby Peralta","startTime":2487.3,"endTime":2489.16,"body":"design."},{"speaker":"Nick Murison","startTime":2489.7,"endTime":2491.77,"body":"Exactly. Yeah."},{"speaker":"Nick Murison","startTime":2489.7,"endTime":2491.77,"body":"Yeah. And hashtag ship."},{"speaker":"Robby Peralta","startTime":2493.21,"endTime":2494.98,"body":"Yeah, yes. 
I've"},{"speaker":"Robby Peralta","startTime":2493.21,"endTime":2494.98,"body":"also heard that when I was"},{"speaker":"Robby Peralta","startTime":2494.98,"endTime":2497.83,"body":"trying to figure that squeeze"},{"speaker":"Robby Peralta","startTime":2494.98,"endTime":2497.83,"body":"that in the beginning, hey, last"},{"speaker":"Robby Peralta","startTime":2497.83,"endTime":2500.77,"body":"question. Do you expect that"},{"speaker":"Robby Peralta","startTime":2497.83,"endTime":2500.77,"body":"this is really mean questions? I"},{"speaker":"Robby Peralta","startTime":2500.77,"endTime":2504.25,"body":"know your answer, generally. But"},{"speaker":"Robby Peralta","startTime":2500.77,"endTime":2504.25,"body":"uh, do you expect rate any"},{"speaker":"Robby Peralta","startTime":2504.25,"endTime":2506.62,"body":"regulations to come out? Where"},{"speaker":"Robby Peralta","startTime":2504.25,"endTime":2506.62,"body":"it says, Yeah, software"},{"speaker":"Robby Peralta","startTime":2506.62,"endTime":2509.23,"body":"security, you have to do this,"},{"speaker":"Robby Peralta","startTime":2506.62,"endTime":2509.23,"body":"this, this, this and this, to be"},{"speaker":"Robby Peralta","startTime":2509.23,"endTime":2510.22,"body":"compliant from now on?"},{"speaker":"Nick Murison","startTime":2510.73,"endTime":2511.48,"body":"Um,"},{"speaker":"Nick Murison","startTime":2513.31,"endTime":2518.02,"body":"I don't know. 
I don't I don't"},{"speaker":"Nick Murison","startTime":2513.31,"endTime":2518.02,"body":"think the regulators are in the"},{"speaker":"Nick Murison","startTime":2518.02,"endTime":2520.42,"body":"right place at the moment."},{"speaker":"Nick Murison","startTime":2522.16,"endTime":2524.86,"body":"I think, you know, you had you"},{"speaker":"Nick Murison","startTime":2522.16,"endTime":2524.86,"body":"had"},{"speaker":"Nick Murison","startTime":2526.46,"endTime":2529.34,"body":"you had a couple of people on"},{"speaker":"Nick Murison","startTime":2526.46,"endTime":2529.34,"body":"from the Norwegian government a"},{"speaker":"Nick Murison","startTime":2529.34,"endTime":2532.01,"body":"couple of months ago, and now"},{"speaker":"Nick Murison","startTime":2529.34,"endTime":2532.01,"body":"they're doing some tremendous"},{"speaker":"Nick Murison","startTime":2532.01,"endTime":2535.37,"body":"work, interfacing, you know,"},{"speaker":"Nick Murison","startTime":2532.01,"endTime":2535.37,"body":"public sector and private"},{"speaker":"Nick Murison","startTime":2535.37,"endTime":2542.75,"body":"sector, and sort of being a"},{"speaker":"Nick Murison","startTime":2535.37,"endTime":2542.75,"body":"helping hand for people when it"},{"speaker":"Nick Murison","startTime":2542.75,"endTime":2545.9,"body":"comes to Okay, well, we know"},{"speaker":"Nick Murison","startTime":2542.75,"endTime":2545.9,"body":"security is an issue. We know,"},{"speaker":"Nick Murison","startTime":2545.9,"endTime":2548.63,"body":"it's a big thing. But we don't"},{"speaker":"Nick Murison","startTime":2545.9,"endTime":2548.63,"body":"know what to do about it. 
Well,"},{"speaker":"Nick Murison","startTime":2548.75,"endTime":2550.01,"body":"you know, national security"},{"speaker":"Nick Murison","startTime":2551.59,"endTime":2553.15,"body":"agent, authority"},{"speaker":"Nick Murison","startTime":2554.5,"endTime":2557.47,"body":"NSM in Norway are doing some"},{"speaker":"Nick Murison","startTime":2554.5,"endTime":2557.47,"body":"really good work through their"},{"speaker":"Nick Murison","startTime":2557.47,"endTime":2562.24,"body":"National Cybersecurity Center to"},{"speaker":"Nick Murison","startTime":2557.47,"endTime":2562.24,"body":"help facilitate that. But when"},{"speaker":"Nick Murison","startTime":2562.24,"endTime":2564.34,"body":"you look at some of the"},{"speaker":"Nick Murison","startTime":2562.24,"endTime":2564.34,"body":"guidelines that they put out,"},{"speaker":"Nick Murison","startTime":2564.37,"endTime":2568.66,"body":"it's it's still very IT"},{"speaker":"Nick Murison","startTime":2564.37,"endTime":2568.66,"body":"infrastructure, and IT heavy,"},{"speaker":"Nick Murison","startTime":2568.96,"endTime":2572.53,"body":"it's not much on the software"},{"speaker":"Nick Murison","startTime":2568.96,"endTime":2572.53,"body":"side, while at the same time,"},{"speaker":"Nick Murison","startTime":2572.53,"endTime":2575.56,"body":"you know, some of some of the"},{"speaker":"Nick Murison","startTime":2572.53,"endTime":2575.56,"body":"predictions about what's going"},{"speaker":"Nick Murison","startTime":2575.56,"endTime":2579.97,"body":"to be a big technological trend"},{"speaker":"Nick Murison","startTime":2575.56,"endTime":2579.97,"body":"moving forward. It's things like"},{"speaker":"Nick Murison","startTime":2579.97,"endTime":2583.6,"body":"IoT and smart cities, and 5G and"},{"speaker":"Nick Murison","startTime":2579.97,"endTime":2583.6,"body":"so on. 
And that's actually"},{"speaker":"Nick Murison","startTime":2583.69,"endTime":2589.21,"body":"there's quite a lot of software"},{"speaker":"Nick Murison","startTime":2583.69,"endTime":2589.21,"body":"involved there. Hmm. And so will"},{"speaker":"Nick Murison","startTime":2589.21,"endTime":2592.42,"body":"we, at any point get more"},{"speaker":"Nick Murison","startTime":2589.21,"endTime":2592.42,"body":"regulations around software"},{"speaker":"Nick Murison","startTime":2592.42,"endTime":2597.07,"body":"security? I don't know if we'll"},{"speaker":"Nick Murison","startTime":2592.42,"endTime":2597.07,"body":"get anything like that soon. But"},{"speaker":"Nick Murison","startTime":2597.07,"endTime":2600.04,"body":"I think we'll, we'll might get"},{"speaker":"Nick Murison","startTime":2597.07,"endTime":2600.04,"body":"more, I'm hoping that we get"},{"speaker":"Nick Murison","startTime":2600.04,"endTime":2603.52,"body":"more regulations that are a bit"},{"speaker":"Nick Murison","startTime":2600.04,"endTime":2603.52,"body":"like GDPR, where, essentially,"},{"speaker":"Nick Murison","startTime":2603.7,"endTime":2608.5,"body":"it says, it's up to you to take"},{"speaker":"Nick Murison","startTime":2603.7,"endTime":2608.5,"body":"a risk based approach to how you"},{"speaker":"Nick Murison","startTime":2608.5,"endTime":2613.09,"body":"handle security here. We're not"},{"speaker":"Nick Murison","startTime":2608.5,"endTime":2613.09,"body":"going to give you a laundry list"},{"speaker":"Nick Murison","startTime":2613.12,"endTime":2617.68,"body":"of 10 things you must do, or 110"},{"speaker":"Nick Murison","startTime":2613.12,"endTime":2617.68,"body":"things you must do. 
We're gonna"},{"speaker":"Nick Murison","startTime":2617.68,"endTime":2622.63,"body":"say, you know, you need to"},{"speaker":"Nick Murison","startTime":2617.68,"endTime":2622.63,"body":"assess what you think is the"},{"speaker":"Nick Murison","startTime":2622.63,"endTime":2628.69,"body":"biggest risk to your company."},{"speaker":"Nick Murison","startTime":2622.63,"endTime":2628.69,"body":"And address those risks. And"},{"speaker":"Nick Murison","startTime":2628.72,"endTime":2631.42,"body":"that that kind of regulation, I"},{"speaker":"Nick Murison","startTime":2628.72,"endTime":2631.42,"body":"think, is is moving in the right"},{"speaker":"Nick Murison","startTime":2631.42,"endTime":2635.83,"body":"direction, because because"},{"speaker":"Nick Murison","startTime":2631.42,"endTime":2635.83,"body":"otherwise you get you get into"},{"speaker":"Nick Murison","startTime":2635.83,"endTime":2639.46,"body":"silly situations where, you"},{"speaker":"Nick Murison","startTime":2635.83,"endTime":2639.46,"body":"know, why do we have a firewall"},{"speaker":"Nick Murison","startTime":2639.52,"endTime":2643.45,"body":"in front of office? Because the"},{"speaker":"Nick Murison","startTime":2639.52,"endTime":2643.45,"body":"regulations say so. We there's"},{"speaker":"Nick Murison","startTime":2643.45,"endTime":2646.84,"body":"nothing in office like literally"},{"speaker":"Nick Murison","startTime":2643.45,"endTime":2646.84,"body":"that we don't even have any"},{"speaker":"Nick Murison","startTime":2646.87,"endTime":2649.57,"body":"laptops in office. Yeah, but the"},{"speaker":"Nick Murison","startTime":2646.87,"endTime":2649.57,"body":"store"},{"speaker":"Robby Peralta","startTime":2649.63,"endTime":2650.86,"body":"doesn't mean"},{"speaker":"Robby Peralta","startTime":2649.63,"endTime":2650.86,"body":"question, because I Yeah,"},{"speaker":"Robby Peralta","startTime":2650.86,"endTime":2653.11,"body":"exactly. 
We just talked about"},{"speaker":"Robby Peralta","startTime":2650.86,"endTime":2653.11,"body":"earlier how complex these things"},{"speaker":"Robby Peralta","startTime":2653.11,"endTime":2654.82,"body":"are. And there's no one"},{"speaker":"Robby Peralta","startTime":2653.11,"endTime":2654.82,"body":"solution. So it'd be kind of"},{"speaker":"Robby Peralta","startTime":2654.82,"endTime":2656.65,"body":"hard for government to come and"},{"speaker":"Robby Peralta","startTime":2654.82,"endTime":2656.65,"body":"say you have to do this, because"},{"speaker":"Robby Peralta","startTime":2656.65,"endTime":2659.32,"body":"that would be wrong for the"},{"speaker":"Robby Peralta","startTime":2656.65,"endTime":2659.32,"body":"other 999 out of the hundred"},{"speaker":"Robby Peralta","startTime":2659.32,"endTime":2660.85,"body":"people you're telling it to. So"},{"speaker":"Robby Peralta","startTime":2659.32,"endTime":2660.85,"body":"it's a"},{"speaker":"Nick Murison","startTime":2661.39,"endTime":2663.61,"body":"exactly I think"},{"speaker":"Nick Murison","startTime":2661.39,"endTime":2663.61,"body":"came at it. Yeah, I think I"},{"speaker":"Nick Murison","startTime":2663.61,"endTime":2663.91,"body":"mean,"},{"speaker":"Nick Murison","startTime":2665.26,"endTime":2668.11,"body":"you know, PCI kind of galore,"},{"speaker":"Nick Murison","startTime":2665.26,"endTime":2668.11,"body":"criticism for, you know, their"},{"speaker":"Nick Murison","startTime":2668.11,"endTime":2671.98,"body":"data security standard, because"},{"speaker":"Nick Murison","startTime":2668.11,"endTime":2671.98,"body":"it is very prescriptive. It's"},{"speaker":"Nick Murison","startTime":2671.98,"endTime":2674.95,"body":"been around for almost 20 years"},{"speaker":"Nick Murison","startTime":2671.98,"endTime":2674.95,"body":"now, I think. 
And they kind of"},{"speaker":"Nick Murison","startTime":2674.95,"endTime":2679.87,"body":"give you a laundry list of"},{"speaker":"Nick Murison","startTime":2674.95,"endTime":2679.87,"body":"things you must do. And it"},{"speaker":"Nick Murison","startTime":2679.9,"endTime":2683.2,"body":"actually is very useful. When"},{"speaker":"Nick Murison","startTime":2679.9,"endTime":2683.2,"body":"you talk to companies who are"},{"speaker":"Nick Murison","startTime":2683.23,"endTime":2685.48,"body":"you know, they don't know what"},{"speaker":"Nick Murison","startTime":2683.23,"endTime":2685.48,"body":"to do. Well, here's a laundry"},{"speaker":"Nick Murison","startTime":2685.48,"endTime":2689.14,"body":"list of things you must do."},{"speaker":"Nick Murison","startTime":2685.48,"endTime":2689.14,"body":"That's That's good. But even"},{"speaker":"Nick Murison","startTime":2689.14,"endTime":2692.08,"body":"more mature companies who have"},{"speaker":"Nick Murison","startTime":2689.14,"endTime":2692.08,"body":"come up with different ways of"},{"speaker":"Nick Murison","startTime":2692.08,"endTime":2695.26,"body":"solving the same security"},{"speaker":"Nick Murison","startTime":2692.08,"endTime":2695.26,"body":"challenge. 
It's but they're not"},{"speaker":"Nick Murison","startTime":2695.26,"endTime":2697.12,"body":"doing the thing that the"},{"speaker":"Nick Murison","startTime":2695.26,"endTime":2697.12,"body":"standard says that they must do."},{"speaker":"Nick Murison","startTime":2697.24,"endTime":2701.95,"body":"That's fine in PCI DSS, you can"},{"speaker":"Nick Murison","startTime":2697.24,"endTime":2701.95,"body":"you can have one you can have a"},{"speaker":"Nick Murison","startTime":2701.95,"endTime":2704.98,"body":"mitigating control, you can"},{"speaker":"Nick Murison","startTime":2701.95,"endTime":2704.98,"body":"choose something else as long as"},{"speaker":"Nick Murison","startTime":2704.98,"endTime":2710.98,"body":"you can defend it, that's fine."},{"speaker":"Nick Murison","startTime":2704.98,"endTime":2710.98,"body":"So, but more modern standards"},{"speaker":"Nick Murison","startTime":2710.98,"endTime":2715.24,"body":"are more along the lines of, you"},{"speaker":"Nick Murison","startTime":2710.98,"endTime":2715.24,"body":"know, as a company, you need to"},{"speaker":"Nick Murison","startTime":2715.48,"endTime":2718.15,"body":"figure out what's going to be"},{"speaker":"Nick Murison","startTime":2715.48,"endTime":2718.15,"body":"the big challenge, and you need"},{"speaker":"Nick Murison","startTime":2718.15,"endTime":2718.69,"body":"to address it."},{"speaker":"Robby Peralta","startTime":2719.56,"endTime":2723.22,"body":"Hmm. 
Well, Mr."},{"speaker":"Robby Peralta","startTime":2719.56,"endTime":2723.22,"body":"Murison, if I ever become a"},{"speaker":"Robby Peralta","startTime":2723.22,"endTime":2726.16,"body":"regulator of anything in a"},{"speaker":"Robby Peralta","startTime":2723.22,"endTime":2726.16,"body":"position like that, I know whom"},{"speaker":"Robby Peralta","startTime":2726.22,"endTime":2731.11,"body":"I'm going to call for advice."},{"speaker":"Robby Peralta","startTime":2726.22,"endTime":2731.11,"body":"But hopefully I'm never in that"},{"speaker":"Robby Peralta","startTime":2731.11,"endTime":2732.67,"body":"position, because I don't think"},{"speaker":"Robby Peralta","startTime":2731.11,"endTime":2732.67,"body":"anybody wants me to be there."},{"speaker":"Robby Peralta","startTime":2733.39,"endTime":2737.59,"body":"But in the meantime, I will"},{"speaker":"Robby Peralta","startTime":2733.39,"endTime":2737.59,"body":"thank you for your time. And I'm"},{"speaker":"Robby Peralta","startTime":2737.59,"endTime":2740.32,"body":"actually going to go make a"},{"speaker":"Robby Peralta","startTime":2737.59,"endTime":2740.32,"body":"follow up podcast on this topic"},{"speaker":"Robby Peralta","startTime":2740.77,"endTime":2750.61,"body":"with some other some other guys"},{"speaker":"Robby Peralta","startTime":2740.77,"endTime":2750.61,"body":"you know. Espen from Visma."},{"speaker":"Nick Murison","startTime":2751.15,"endTime":2752.47,"body":"yeah, that's"},{"speaker":"Nick Murison","startTime":2751.15,"endTime":2752.47,"body":"right. 
Yeah."},{"speaker":"Robby Peralta","startTime":2752.0,"endTime":2755.45,"body":"Yeah, absolutely."},{"speaker":"Robby Peralta","startTime":2752.0,"endTime":2755.45,"body":"So I'm gonna take this podcast"},{"speaker":"Robby Peralta","startTime":2755.48,"endTime":2757.61,"body":"making, listen to it, post it,"},{"speaker":"Robby Peralta","startTime":2755.48,"endTime":2757.61,"body":"and then he's gonna make one and"},{"speaker":"Robby Peralta","startTime":2757.61,"endTime":2759.14,"body":"then maybe I'll invite you on"},{"speaker":"Robby Peralta","startTime":2757.61,"endTime":2759.14,"body":"afterwards, and you guys can"},{"speaker":"Robby Peralta","startTime":2759.14,"endTime":2760.82,"body":"just have like this software"},{"speaker":"Robby Peralta","startTime":2759.14,"endTime":2760.82,"body":"security podcast moving forward."},{"speaker":"Nick Murison","startTime":2761.26,"endTime":2761.77,"body":"That'd be fun."},{"speaker":"Robby Peralta","startTime":2762.4,"endTime":2765.46,"body":"That'd be great."},{"speaker":"Robby Peralta","startTime":2762.4,"endTime":2765.46,"body":"Nick, thank you for your time,"},{"speaker":"Robby Peralta","startTime":2765.49,"endTime":2767.17,"body":"and we will speak soon."},{"speaker":"Nick Murison","startTime":2767.2,"endTime":2768.22,"body":"Thank you very"},{"speaker":"Nick Murison","startTime":2767.2,"endTime":2768.22,"body":"much for having me."},{"speaker":"Robby Peralta","startTime":2772.48,"endTime":2774.91,"body":"Well, that's all"},{"speaker":"Robby Peralta","startTime":2772.48,"endTime":2774.91,"body":"for today, folks. Thank you for"},{"speaker":"Robby Peralta","startTime":2774.91,"endTime":2777.82,"body":"tuning in to the mnemonic"},{"speaker":"Robby Peralta","startTime":2774.91,"endTime":2777.82,"body":"security podcast. 
If you have"},{"speaker":"Robby Peralta","startTime":2777.82,"endTime":2780.7,"body":"any concepts or ideas that you"},{"speaker":"Robby Peralta","startTime":2777.82,"endTime":2780.7,"body":"would like us to discuss on"},{"speaker":"Robby Peralta","startTime":2780.7,"endTime":2783.7,"body":"future episodes, please feel"},{"speaker":"Robby Peralta","startTime":2780.7,"endTime":2783.7,"body":"free to send us a mail to"},{"speaker":"Robby Peralta","startTime":2783.7,"endTime":2785.44,"body":"podcast@mnemonic.no."},{"speaker":"Robby Peralta","startTime":2786.25,"endTime":2788.14,"body":"Thank you for listening, and"},{"speaker":"Robby Peralta","startTime":2786.25,"endTime":2788.14,"body":"we'll see you next time."}]}