{"version":"1.0.0","segments":[{"speaker":"mnemonic","startTime":3.72,"endTime":7.23,"body":"From our headquarters"},{"speaker":"mnemonic","startTime":3.72,"endTime":7.23,"body":"in Oslo, Norway, and on behalf"},{"speaker":"mnemonic","startTime":7.23,"endTime":12.3,"body":"of our host Robby Peralta,"},{"speaker":"mnemonic","startTime":7.23,"endTime":12.3,"body":"welcome to the mnemonic security"},{"speaker":"mnemonic","startTime":12.3,"endTime":13.2,"body":"podcast."},{"speaker":"Robby Peralta","startTime":14.59,"endTime":18.43,"body":"You do your job,"},{"speaker":"Robby Peralta","startTime":14.59,"endTime":18.43,"body":"and I'll do mine. I'm sure we've"},{"speaker":"Robby Peralta","startTime":18.43,"endTime":21.61,"body":"all heard these words, (or said"},{"speaker":"Robby Peralta","startTime":18.43,"endTime":21.61,"body":"them to someone), in our"},{"speaker":"Robby Peralta","startTime":21.61,"endTime":24.49,"body":"professional lives. But we"},{"speaker":"Robby Peralta","startTime":21.61,"endTime":24.49,"body":"definitely don't want that"},{"speaker":"Robby Peralta","startTime":24.49,"endTime":28.36,"body":"exchange between the security"},{"speaker":"Robby Peralta","startTime":24.49,"endTime":28.36,"body":"and development team. Now, I'm"},{"speaker":"Robby Peralta","startTime":28.36,"endTime":31.03,"body":"sure we'd all agree that"},{"speaker":"Robby Peralta","startTime":28.36,"endTime":31.03,"body":"information security is a beast"},{"speaker":"Robby Peralta","startTime":31.03,"endTime":34.57,"body":"of its own, but so is software"},{"speaker":"Robby Peralta","startTime":31.03,"endTime":34.57,"body":"development. And unfortunately"},{"speaker":"Robby Peralta","startTime":34.57,"endTime":38.23,"body":"for the amount of hours that we"},{"speaker":"Robby Peralta","startTime":34.57,"endTime":38.23,"body":"already worked today, both sides"},{"speaker":"Robby Peralta","startTime":38.23,"endTime":40.6,"body":"are going to have to learn each"},{"speaker":"Robby Peralta","startTime":38.23,"endTime":40.6,"body":"other's worlds in order to keep"},{"speaker":"Robby Peralta","startTime":40.6,"endTime":45.04,"body":"the peace - or to keep the bad"},{"speaker":"Robby Peralta","startTime":40.6,"endTime":45.04,"body":"guys out at least. Espen"},{"speaker":"Robby Peralta","startTime":45.04,"endTime":47.77,"body":"Johansen and Daniela Cruzes -"},{"speaker":"Robby Peralta","startTime":45.04,"endTime":47.77,"body":"welcome to the podcast."},{"speaker":"Daniela Cruzes","startTime":47.98,"endTime":48.55,"body":"Thank you."},{"speaker":"Espen Johansen","startTime":49.09,"endTime":50.47,"body":"Thanks. How are"},{"speaker":"Espen Johansen","startTime":49.09,"endTime":50.47,"body":"you today?"},{"speaker":"Robby Peralta","startTime":50.74,"endTime":52.63,"body":"I'm doing just"},{"speaker":"Robby Peralta","startTime":50.74,"endTime":52.63,"body":"dandy. How about yourselves?"},{"speaker":"Espen Johansen","startTime":53.05,"endTime":54.28,"body":"Ecstatic as"},{"speaker":"Espen Johansen","startTime":53.05,"endTime":54.28,"body":"always"},{"speaker":"Robby Peralta","startTime":54.61,"endTime":56.53,"body":"I love it, Espen"},{"speaker":"Robby Peralta","startTime":54.61,"endTime":56.53,"body":"and that's why you're back on"},{"speaker":"Robby Peralta","startTime":56.53,"endTime":59.41,"body":"the show. There's not many"},{"speaker":"Robby Peralta","startTime":56.53,"endTime":59.41,"body":"people that are ecstatic about"},{"speaker":"Robby Peralta","startTime":59.41,"endTime":60.28,"body":"software security."},{"speaker":"Robby Peralta","startTime":60.99,"endTime":64.32,"body":"So estactic Espen is a veteran"},{"speaker":"Robby Peralta","startTime":60.99,"endTime":64.32,"body":"of the show, product security"},{"speaker":"Robby Peralta","startTime":64.32,"endTime":66.54,"body":"director at the Visma, which is"},{"speaker":"Robby Peralta","startTime":64.32,"endTime":66.54,"body":"one of the largest software"},{"speaker":"Robby Peralta","startTime":66.54,"endTime":69.57,"body":"companies in the world. And do"},{"speaker":"Robby Peralta","startTime":66.54,"endTime":69.57,"body":"keep us in check, we have a"},{"speaker":"Robby Peralta","startTime":69.57,"endTime":72.12,"body":"professor and research"},{"speaker":"Robby Peralta","startTime":69.57,"endTime":72.12,"body":"scientist. And that's a"},{"speaker":"Robby Peralta","startTime":72.12,"endTime":76.74,"body":"professor at NTNU and a research"},{"speaker":"Robby Peralta","startTime":72.12,"endTime":76.74,"body":"scientist for SINTEF, who may"},{"speaker":"Robby Peralta","startTime":76.74,"endTime":79.56,"body":"just have an opinion about"},{"speaker":"Robby Peralta","startTime":76.74,"endTime":79.56,"body":"software security after writing"},{"speaker":"Robby Peralta","startTime":79.62,"endTime":85.47,"body":"144 academic articles about it."},{"speaker":"Robby Peralta","startTime":79.62,"endTime":85.47,"body":"So Daniela I presume your dreams"},{"speaker":"Robby Peralta","startTime":85.47,"endTime":88.59,"body":"are something like the matrix"},{"speaker":"Robby Peralta","startTime":85.47,"endTime":88.59,"body":"with a bunch of like code flying"},{"speaker":"Robby Peralta","startTime":88.59,"endTime":90.51,"body":"around your imagination. Is that"},{"speaker":"Robby Peralta","startTime":88.59,"endTime":90.51,"body":"true?"},{"speaker":"Robby Peralta","startTime":92.49,"endTime":95.73,"body":"You wish actually, well, it"},{"speaker":"Robby Peralta","startTime":92.49,"endTime":95.73,"body":"sounds like we shouldn't go any"},{"speaker":"Robby Peralta","startTime":95.73,"endTime":100.62,"body":"further into that for this"},{"speaker":"Robby Peralta","startTime":95.73,"endTime":100.62,"body":"episode. The topic for today is"},{"speaker":"Robby Peralta","startTime":100.65,"endTime":104.37,"body":"DevOps, or SecDevOps, or"},{"speaker":"Robby Peralta","startTime":100.65,"endTime":104.37,"body":"software security or all of the"},{"speaker":"Robby Peralta","startTime":104.37,"endTime":106.83,"body":"above. And again, starting out"},{"speaker":"Robby Peralta","startTime":104.37,"endTime":106.83,"body":"with you Daniela, since you've"},{"speaker":"Robby Peralta","startTime":106.83,"endTime":109.56,"body":"been so busy lately with the"},{"speaker":"Robby Peralta","startTime":106.83,"endTime":109.56,"body":"topic. One of the papers you"},{"speaker":"Robby Peralta","startTime":109.56,"endTime":113.7,"body":"wrote was called IT security is"},{"speaker":"Robby Peralta","startTime":109.56,"endTime":113.7,"body":"from Mars, and software security"},{"speaker":"Robby Peralta","startTime":113.88,"endTime":116.7,"body":"is from Venus. And I'm pretty"},{"speaker":"Robby Peralta","startTime":113.88,"endTime":116.7,"body":"sure that you didn't mean IT"},{"speaker":"Robby Peralta","startTime":116.7,"endTime":120.66,"body":"security is for men and software"},{"speaker":"Robby Peralta","startTime":116.7,"endTime":120.66,"body":"security is for women. So what"},{"speaker":"Robby Peralta","startTime":120.66,"endTime":123.3,"body":"did you mean by that? Exactly?"},{"speaker":"Robby Peralta","startTime":120.66,"endTime":123.3,"body":"What What was the meaning for"},{"speaker":"Robby Peralta","startTime":123.3,"endTime":124.95,"body":"that title for that paper?"},{"speaker":"Daniela Cruzes","startTime":125.83,"endTime":128.17,"body":"Okay well it has"},{"speaker":"Daniela Cruzes","startTime":125.83,"endTime":128.17,"body":"never been about women or men."},{"speaker":"Daniela Cruzes","startTime":131.0,"endTime":135.38,"body":"So the main points of the paper"},{"speaker":"Daniela Cruzes","startTime":131.0,"endTime":135.38,"body":"is mostly to highlight this"},{"speaker":"Daniela Cruzes","startTime":135.47,"endTime":139.85,"body":"disconnect that the IT security"},{"speaker":"Daniela Cruzes","startTime":135.47,"endTime":139.85,"body":"people had with the development"},{"speaker":"Daniela Cruzes","startTime":140.06,"endTime":144.44,"body":"team. And one of the things that"},{"speaker":"Daniela Cruzes","startTime":140.06,"endTime":144.44,"body":"happens, and that DevOps also"},{"speaker":"Daniela Cruzes","startTime":144.44,"endTime":149.48,"body":"tries to bridge, is that many"},{"speaker":"Daniela Cruzes","startTime":144.44,"endTime":149.48,"body":"organizations have these"},{"speaker":"Daniela Cruzes","startTime":149.48,"endTime":153.86,"body":"departments that one was like"},{"speaker":"Daniela Cruzes","startTime":149.48,"endTime":153.86,"body":"about about it, and then looking"},{"speaker":"Daniela Cruzes","startTime":153.86,"endTime":157.28,"body":"at all the things about network"},{"speaker":"Daniela Cruzes","startTime":153.86,"endTime":157.28,"body":"and network security and"},{"speaker":"Daniela Cruzes","startTime":157.28,"endTime":161.12,"body":"intrusion and things like that."},{"speaker":"Daniela Cruzes","startTime":157.28,"endTime":161.12,"body":"And the development team was"},{"speaker":"Daniela Cruzes","startTime":161.12,"endTime":165.26,"body":"totally excluded for all these"},{"speaker":"Daniela Cruzes","startTime":161.12,"endTime":165.26,"body":"discussions, or all the things"},{"speaker":"Daniela Cruzes","startTime":165.26,"endTime":170.57,"body":"that happens in the network. So"},{"speaker":"Daniela Cruzes","startTime":165.26,"endTime":170.57,"body":"then what what we saw the need"},{"speaker":"Daniela Cruzes","startTime":170.57,"endTime":173.72,"body":"is that, like, they need to be"},{"speaker":"Daniela Cruzes","startTime":170.57,"endTime":173.72,"body":"more aware of all these things."},{"speaker":"Daniela Cruzes","startTime":173.72,"endTime":176.9,"body":"And that's what happens with"},{"speaker":"Daniela Cruzes","startTime":173.72,"endTime":176.9,"body":"DevOps teams, much more than"},{"speaker":"Daniela Cruzes","startTime":176.9,"endTime":179.78,"body":"when you don't have DevOps"},{"speaker":"Daniela Cruzes","startTime":176.9,"endTime":179.78,"body":"teams, because then they have to"},{"speaker":"Daniela Cruzes","startTime":179.78,"endTime":182.81,"body":"also run into their heads who"},{"speaker":"Daniela Cruzes","startTime":179.78,"endTime":182.81,"body":"also don't have to worry about"},{"speaker":"Daniela Cruzes","startTime":182.99,"endTime":185.87,"body":"the operational part of the"},{"speaker":"Daniela Cruzes","startTime":182.99,"endTime":185.87,"body":"system itself."},{"speaker":"Robby Peralta","startTime":186.65,"endTime":189.95,"body":"Mm hmm. By the"},{"speaker":"Robby Peralta","startTime":186.65,"endTime":189.95,"body":"way, quick question for you"},{"speaker":"Robby Peralta","startTime":189.95,"endTime":192.11,"body":"there. Do you call it DevOps or"},{"speaker":"Robby Peralta","startTime":189.95,"endTime":192.11,"body":"DevSecOps?"},{"speaker":"Daniela Cruzes","startTime":194.36,"endTime":197.15,"body":"If you start"},{"speaker":"Daniela Cruzes","startTime":194.36,"endTime":197.15,"body":"putting like, each letter, or"},{"speaker":"Daniela Cruzes","startTime":197.18,"endTime":200.63,"body":"each part of what you want to"},{"speaker":"Daniela Cruzes","startTime":197.18,"endTime":200.63,"body":"focus as part of like, what is"},{"speaker":"Daniela Cruzes","startTime":200.63,"endTime":203.84,"body":"the concept, then you lose"},{"speaker":"Daniela Cruzes","startTime":200.63,"endTime":203.84,"body":"yourself. So then I think that's"},{"speaker":"Daniela Cruzes","startTime":203.84,"endTime":208.43,"body":"like DevOps, then it should be"},{"speaker":"Daniela Cruzes","startTime":203.84,"endTime":208.43,"body":"secured. If you don't have a"},{"speaker":"Daniela Cruzes","startTime":208.43,"endTime":213.02,"body":"software that is secure, then"},{"speaker":"Daniela Cruzes","startTime":208.43,"endTime":213.02,"body":"what's the point? So then you're"},{"speaker":"Daniela Cruzes","startTime":213.05,"endTime":217.37,"body":"risking too much, right? So then"},{"speaker":"Daniela Cruzes","startTime":213.05,"endTime":217.37,"body":"it has to execute. So then why"},{"speaker":"Daniela Cruzes","startTime":217.37,"endTime":221.0,"body":"to want to say dev sec Ops, does"},{"speaker":"Daniela Cruzes","startTime":217.37,"endTime":221.0,"body":"it mean that the DevOps should"},{"speaker":"Daniela Cruzes","startTime":221.0,"endTime":221.84,"body":"not be secure?"},{"speaker":"Robby Peralta","startTime":223.47,"endTime":224.76,"body":"In English,"},{"speaker":"Robby Peralta","startTime":223.47,"endTime":224.76,"body":"that's called what we call an"},{"speaker":"Robby Peralta","startTime":224.79,"endTime":230.61,"body":"oxymoron. That's been you work"},{"speaker":"Robby Peralta","startTime":224.79,"endTime":230.61,"body":"for a large company. I'm"},{"speaker":"Robby Peralta","startTime":230.61,"endTime":233.76,"body":"assuming there was one point in"},{"speaker":"Robby Peralta","startTime":230.61,"endTime":233.76,"body":"your history that there was no"},{"speaker":"Robby Peralta","startTime":233.79,"endTime":238.77,"body":"dedicated DevOps team per se."},{"speaker":"Robby Peralta","startTime":233.79,"endTime":238.77,"body":"hen was that? When did you guys"},{"speaker":"Robby Peralta","startTime":238.77,"endTime":241.92,"body":"ake the transition from being"},{"speaker":"Robby Peralta","startTime":238.77,"endTime":241.92,"body":"ust one security team and then"},{"speaker":"Robby Peralta","startTime":241.92,"endTime":245.61,"body":"ver to the security being"},{"speaker":"Robby Peralta","startTime":241.92,"endTime":245.61,"body":"ncorporated into the product"},{"speaker":"Robby Peralta","startTime":245.61,"endTime":246.75,"body":"eam, for example,"},{"speaker":"Espen Johansen","startTime":246.0,"endTime":249.69,"body":"well that is"},{"speaker":"Espen Johansen","startTime":246.0,"endTime":249.69,"body":"quite some years ago, I don't"},{"speaker":"Espen Johansen","startTime":249.69,"endTime":254.22,"body":"have the exact starting date."},{"speaker":"Espen Johansen","startTime":249.69,"endTime":254.22,"body":"But it's quite a quite fun to"},{"speaker":"Espen Johansen","startTime":254.22,"endTime":257.76,"body":"listen to Daniela because, but"},{"speaker":"Espen Johansen","startTime":254.22,"endTime":257.76,"body":"what she describes there in her"},{"speaker":"Espen Johansen","startTime":257.76,"endTime":261.51,"body":"book is something that is quite"},{"speaker":"Espen Johansen","startTime":257.76,"endTime":261.51,"body":"common when you see it in most"},{"speaker":"Espen Johansen","startTime":261.51,"endTime":265.5,"body":"companies, I would say, and some"},{"speaker":"Espen Johansen","startTime":261.51,"endTime":265.5,"body":"some see this as kind of the"},{"speaker":"Espen Johansen","startTime":265.92,"endTime":269.31,"body":"more of a philosophical fight"},{"speaker":"Espen Johansen","startTime":265.92,"endTime":269.31,"body":"between the ITIL direction and"},{"speaker":"Espen Johansen","startTime":269.31,"endTime":272.73,"body":"the Agile direction, that the"},{"speaker":"Espen Johansen","startTime":269.31,"endTime":272.73,"body":"kind of main main thing that we"},{"speaker":"Espen Johansen","startTime":272.73,"endTime":277.2,"body":"observed is that the the"},{"speaker":"Espen Johansen","startTime":272.73,"endTime":277.2,"body":"development teams saw security"},{"speaker":"Espen Johansen","startTime":277.2,"endTime":281.49,"body":"as something external to them."},{"speaker":"Espen Johansen","startTime":277.2,"endTime":281.49,"body":"While the security teams saw"},{"speaker":"Espen Johansen","startTime":281.49,"endTime":285.15,"body":"these development teams, as also"},{"speaker":"Espen Johansen","startTime":281.49,"endTime":285.15,"body":"external to themselves so"},{"speaker":"Espen Johansen","startTime":285.15,"endTime":288.12,"body":"instead of having these look at"},{"speaker":"Espen Johansen","startTime":285.15,"endTime":288.12,"body":"each other as external beings,"},{"speaker":"Espen Johansen","startTime":288.12,"endTime":291.24,"body":"we have worked very hard on"},{"speaker":"Espen Johansen","startTime":288.12,"endTime":291.24,"body":"creating integrated environments"},{"speaker":"Espen Johansen","startTime":291.27,"endTime":294.39,"body":"where security is just a part of"},{"speaker":"Espen Johansen","startTime":291.27,"endTime":294.39,"body":"whatever you do in development,"},{"speaker":"Espen Johansen","startTime":295.23,"endTime":298.59,"body":"and develop it also becomes part"},{"speaker":"Espen Johansen","startTime":295.23,"endTime":298.59,"body":"of security. So we have to speak"},{"speaker":"Espen Johansen","startTime":298.59,"endTime":301.53,"body":"the same language and that was"},{"speaker":"Espen Johansen","startTime":298.59,"endTime":301.53,"body":"kind of a cultural barrier that"},{"speaker":"Espen Johansen","startTime":301.53,"endTime":302.34,"body":"we had to cross?"},{"speaker":"Robby Peralta","startTime":302.73,"endTime":304.29,"body":"Was there a"},{"speaker":"Robby Peralta","startTime":302.73,"endTime":304.29,"body":"certain event that happened to"},{"speaker":"Robby Peralta","startTime":304.29,"endTime":306.99,"body":"make that happen? Or was it, you"},{"speaker":"Robby Peralta","startTime":304.29,"endTime":306.99,"body":"just learned that that was a"},{"speaker":"Robby Peralta","startTime":306.99,"endTime":307.68,"body":"smart thing to do."},{"speaker":"Espen Johansen","startTime":308.61,"endTime":310.77,"body":"it was basically"},{"speaker":"Espen Johansen","startTime":308.61,"endTime":310.77,"body":"a gradual evolution, I would"},{"speaker":"Espen Johansen","startTime":310.77,"endTime":315.0,"body":"say, it's not something, it's a"},{"speaker":"Espen Johansen","startTime":310.77,"endTime":315.0,"body":"defining moment that I would say"},{"speaker":"Espen Johansen","startTime":315.0,"endTime":318.96,"body":"it's it's a natural thing to do."},{"speaker":"Espen Johansen","startTime":315.0,"endTime":318.96,"body":"But basically, if you've just"},{"speaker":"Espen Johansen","startTime":318.96,"endTime":322.32,"body":"tried to experiment, but in all"},{"speaker":"Espen Johansen","startTime":318.96,"endTime":322.32,"body":"ways of having gateways, by some"},{"speaker":"Espen Johansen","startTime":322.32,"endTime":325.17,"body":"IT security people for"},{"speaker":"Espen Johansen","startTime":322.32,"endTime":325.17,"body":"development teams, kind of like"},{"speaker":"Espen Johansen","startTime":325.17,"endTime":329.55,"body":"the traditional handovers from"},{"speaker":"Espen Johansen","startTime":325.17,"endTime":329.55,"body":"development to operations, we"},{"speaker":"Espen Johansen","startTime":329.55,"endTime":332.91,"body":"kind of learned that that just"},{"speaker":"Espen Johansen","startTime":329.55,"endTime":332.91,"body":"doesn't work, you create a soft"},{"speaker":"Espen Johansen","startTime":332.91,"endTime":335.82,"body":"belly that development teams,"},{"speaker":"Espen Johansen","startTime":332.91,"endTime":335.82,"body":"and you create a hard shell on"},{"speaker":"Espen Johansen","startTime":335.82,"endTime":339.12,"body":"the outside. And it's these hard"},{"speaker":"Espen Johansen","startTime":335.82,"endTime":339.12,"body":"shells are so easy to penetrate."},{"speaker":"Espen Johansen","startTime":339.36,"endTime":342.75,"body":"When you have the knowledge of a"},{"speaker":"Espen Johansen","startTime":339.36,"endTime":342.75,"body":"developer, you just have to"},{"speaker":"Espen Johansen","startTime":342.75,"endTime":345.81,"body":"follow layer seven, and then you"},{"speaker":"Espen Johansen","startTime":342.75,"endTime":345.81,"body":"have a soft belly inside. And we"},{"speaker":"Espen Johansen","startTime":345.81,"endTime":350.04,"body":"wanted to avoid that. So by by"},{"speaker":"Espen Johansen","startTime":345.81,"endTime":350.04,"body":"following lots of the advice"},{"speaker":"Espen Johansen","startTime":350.04,"endTime":354.09,"body":"that we got from Daniella and"},{"speaker":"Espen Johansen","startTime":350.04,"endTime":354.09,"body":"other researchers, we, we kind"},{"speaker":"Espen Johansen","startTime":354.09,"endTime":357.0,"body":"of permeate into the current"},{"speaker":"Espen Johansen","startTime":354.09,"endTime":357.0,"body":"status that you have today."},{"speaker":"Robby Peralta","startTime":358.649,"endTime":360.599,"body":"Which has a very"},{"speaker":"Robby Peralta","startTime":358.649,"endTime":360.599,"body":"high level of security. Yeah,"},{"speaker":"Daniela Cruzes","startTime":361.14,"endTime":363.63,"body":"yeah, I think"},{"speaker":"Daniela Cruzes","startTime":361.14,"endTime":363.63,"body":"that we started this discussion"},{"speaker":"Daniela Cruzes","startTime":363.63,"endTime":369.3,"body":"of calling self management"},{"speaker":"Daniela Cruzes","startTime":363.63,"endTime":369.3,"body":"security, remember. And then. So"},{"speaker":"Daniela Cruzes","startTime":369.3,"endTime":372.45,"body":"I think that it came with that"},{"speaker":"Daniela Cruzes","startTime":369.3,"endTime":372.45,"body":"concept of like, okay, we need"},{"speaker":"Daniela Cruzes","startTime":372.45,"endTime":375.84,"body":"to make this more self managers."},{"speaker":"Daniela Cruzes","startTime":372.45,"endTime":375.84,"body":"And we cannot have an external"},{"speaker":"Daniela Cruzes","startTime":375.84,"endTime":378.66,"body":"that's going to be responsible"},{"speaker":"Daniela Cruzes","startTime":375.84,"endTime":378.66,"body":"for security, because that's not"},{"speaker":"Daniela Cruzes","startTime":378.66,"endTime":383.43,"body":"going to work with the base that"},{"speaker":"Daniela Cruzes","startTime":378.66,"endTime":383.43,"body":"visma wants to have right, or"},{"speaker":"Daniela Cruzes","startTime":383.94,"endTime":386.49,"body":"output or functionalities and"},{"speaker":"Daniela Cruzes","startTime":383.94,"endTime":386.49,"body":"things like that."},{"speaker":"Espen Johansen","startTime":390.209,"endTime":391.769,"body":"I completely"},{"speaker":"Espen Johansen","startTime":390.209,"endTime":391.769,"body":"agree with that. Because if you"},{"speaker":"Espen Johansen","startTime":391.769,"endTime":394.559,"body":"discuss that Daniella, so did"},{"speaker":"Espen Johansen","startTime":391.769,"endTime":394.559,"body":"the self management, because"},{"speaker":"Espen Johansen","startTime":394.559,"endTime":398.969,"body":"that is the core business really"},{"speaker":"Espen Johansen","startTime":394.559,"endTime":398.969,"body":"big, we are kind of in really"},{"speaker":"Espen Johansen","startTime":398.969,"endTime":401.879,"body":"many countries. And as a"},{"speaker":"Espen Johansen","startTime":398.969,"endTime":401.879,"body":"distributed organization, you"},{"speaker":"Espen Johansen","startTime":401.879,"endTime":405.329,"body":"cannot have a very strong"},{"speaker":"Espen Johansen","startTime":401.879,"endTime":405.329,"body":"central management of this. This"},{"speaker":"Espen Johansen","startTime":405.329,"endTime":407.819,"body":"brings it kind of back home to"},{"speaker":"Espen Johansen","startTime":405.329,"endTime":407.819,"body":"some of we have had so many"},{"speaker":"Espen Johansen","startTime":407.819,"endTime":410.969,"body":"discussions over the years now"},{"speaker":"Espen Johansen","startTime":407.819,"endTime":410.969,"body":"Daniela about this, how to do"},{"speaker":"Espen Johansen","startTime":410.969,"endTime":413.699,"body":"self management on really"},{"speaker":"Espen Johansen","startTime":410.969,"endTime":413.699,"body":"difficult topics that people try"},{"speaker":"Espen Johansen","startTime":413.699,"endTime":417.779,"body":"to avoid. And this is kind of"},{"speaker":"Espen Johansen","startTime":413.699,"endTime":417.779,"body":"where I find the art. And that"},{"speaker":"Espen Johansen","startTime":417.779,"endTime":421.589,"body":"the fun in this is because you"},{"speaker":"Espen Johansen","startTime":417.779,"endTime":421.589,"body":"have this really difficult thing"},{"speaker":"Espen Johansen","startTime":421.589,"endTime":424.769,"body":"that people really want to do."},{"speaker":"Espen Johansen","startTime":421.589,"endTime":424.769,"body":"But they just don't know how to."},{"speaker":"Espen Johansen","startTime":424.829,"endTime":428.609,"body":"So how do you explain this to"},{"speaker":"Espen Johansen","startTime":424.829,"endTime":428.609,"body":"them in a way that inspires them"},{"speaker":"Espen Johansen","startTime":428.609,"endTime":431.939,"body":"and motivates them over time."},{"speaker":"Espen Johansen","startTime":428.609,"endTime":431.939,"body":"And this is hard, and you have"},{"speaker":"Espen Johansen","startTime":431.969,"endTime":436.349,"body":"to keep at it for a long, long"},{"speaker":"Espen Johansen","startTime":431.969,"endTime":436.349,"body":"time. It's not just a magic"},{"speaker":"Espen Johansen","startTime":436.349,"endTime":439.019,"body":"recipe. I deployed this and run"},{"speaker":"Espen Johansen","startTime":436.349,"endTime":439.019,"body":"by this product and everything's"},{"speaker":"Espen Johansen","startTime":439.019,"endTime":442.199,"body":"fine. It's a mental process, and"},{"speaker":"Espen Johansen","startTime":439.019,"endTime":442.199,"body":"it's changed your culture."},{"speaker":"Robby Peralta","startTime":443.31,"endTime":445.53,"body":"in that article,"},{"speaker":"Robby Peralta","startTime":443.31,"endTime":445.53,"body":"or in that paper, you"},{"speaker":"Robby Peralta","startTime":445.53,"endTime":449.76,"body":"interviewed 23 organizations in"},{"speaker":"Robby Peralta","startTime":445.53,"endTime":449.76,"body":"Norway of varying sizes, I would"},{"speaker":"Robby Peralta","startTime":449.76,"endTime":452.79,"body":"assume that the the smaller"},{"speaker":"Robby Peralta","startTime":449.76,"endTime":452.79,"body":"companies will struggle a bit"},{"speaker":"Robby Peralta","startTime":452.79,"endTime":455.43,"body":"with this more than the larger"},{"speaker":"Robby Peralta","startTime":452.79,"endTime":455.43,"body":"ones is that is that a correct"},{"speaker":"Robby Peralta","startTime":455.43,"endTime":456.21,"body":"assumption, or I"},{"speaker":"Daniela Cruzes","startTime":456.75,"endTime":458.67,"body":"think the"},{"speaker":"Daniela Cruzes","startTime":456.75,"endTime":458.67,"body":"challenges are different. We"},{"speaker":"Daniela Cruzes","startTime":458.67,"endTime":461.04,"body":"have been working in a few"},{"speaker":"Daniela Cruzes","startTime":458.67,"endTime":461.04,"body":"different companies in the"},{"speaker":"Daniela Cruzes","startTime":461.04,"endTime":464.16,"body":"projects that we are running"},{"speaker":"Daniela Cruzes","startTime":461.04,"endTime":464.16,"body":"about software security in Agile"},{"speaker":"Daniela Cruzes","startTime":464.16,"endTime":467.37,"body":"software development. And we see"},{"speaker":"Daniela Cruzes","startTime":464.16,"endTime":467.37,"body":"that the challenges are"},{"speaker":"Daniela Cruzes","startTime":467.37,"endTime":471.6,"body":"different. Sometimes it's much"},{"speaker":"Daniela Cruzes","startTime":467.37,"endTime":471.6,"body":"better to do things in Visma"},{"speaker":"Daniela Cruzes","startTime":471.6,"endTime":474.78,"body":"because they might have more"},{"speaker":"Daniela Cruzes","startTime":471.6,"endTime":474.78,"body":"resources they have might have"},{"speaker":"Daniela Cruzes","startTime":474.78,"endTime":479.31,"body":"more knowledge available, more"},{"speaker":"Daniela Cruzes","startTime":474.78,"endTime":479.31,"body":"skill sets. But then sometimes"},{"speaker":"Daniela Cruzes","startTime":479.31,"endTime":481.92,"body":"it's much easier to do things"},{"speaker":"Daniela Cruzes","startTime":479.31,"endTime":481.92,"body":"with a smaller company, because"},{"speaker":"Daniela Cruzes","startTime":481.92,"endTime":486.72,"body":"then whatever we try is not so"},{"speaker":"Daniela Cruzes","startTime":481.92,"endTime":486.72,"body":"costly to try, right? So then we"},{"speaker":"Daniela Cruzes","startTime":486.72,"endTime":490.23,"body":"are much more able to try things"},{"speaker":"Daniela Cruzes","startTime":486.72,"endTime":490.23,"body":"that we would like to see if"},{"speaker":"Daniela Cruzes","startTime":490.23,"endTime":493.74,"body":"that's going to improve security"},{"speaker":"Daniela Cruzes","startTime":490.23,"endTime":493.74,"body":"or not, in that flexible way,"},{"speaker":"Daniela Cruzes","startTime":493.74,"endTime":496.5,"body":"then sometimes these nice for"},{"speaker":"Daniela Cruzes","startTime":493.74,"endTime":496.5,"body":"example, you know,"},{"speaker":"Espen Johansen","startTime":497.04,"endTime":499.11,"body":"I can also I can"},{"speaker":"Espen Johansen","startTime":497.04,"endTime":499.11,"body":"also add to some of the things"},{"speaker":"Espen Johansen","startTime":499.11,"endTime":502.17,"body":"that we have learned from from"},{"speaker":"Espen Johansen","startTime":499.11,"endTime":502.17,"body":"working also we don't know is to"},{"speaker":"Espen Johansen","startTime":502.17,"endTime":506.34,"body":"do lots more experimentation."},{"speaker":"Espen Johansen","startTime":502.17,"endTime":506.34,"body":"And as being as this is quite a"},{"speaker":"Espen Johansen","startTime":506.34,"endTime":509.76,"body":"large company, to experiment for"},{"speaker":"Espen Johansen","startTime":506.34,"endTime":509.76,"body":"a couple of teams in a couple of"},{"speaker":"Espen Johansen","startTime":509.76,"endTime":513.39,"body":"countries and a couple of"},{"speaker":"Espen Johansen","startTime":509.76,"endTime":513.39,"body":"cultures, you can achieve much"},{"speaker":"Espen Johansen","startTime":513.39,"endTime":516.48,"body":"faster progress than if you have"},{"speaker":"Espen Johansen","startTime":513.39,"endTime":516.48,"body":"to wait until you have a big"},{"speaker":"Espen Johansen","startTime":516.48,"endTime":519.12,"body":"bang have something that needs"},{"speaker":"Espen Johansen","startTime":516.48,"endTime":519.12,"body":"to be released. Some"},{"speaker":"Espen Johansen","startTime":519.12,"endTime":522.12,"body":"experimentation, I think it's"},{"speaker":"Espen Johansen","startTime":519.12,"endTime":522.12,"body":"essential to just try something"},{"speaker":"Espen Johansen","startTime":522.75,"endTime":523.89,"body":"better than doing nothing at"},{"speaker":"Espen Johansen","startTime":522.75,"endTime":523.89,"body":"all."},{"speaker":"Robby Peralta","startTime":526.06,"endTime":528.22,"body":"We've got to"},{"speaker":"Robby Peralta","startTime":526.06,"endTime":528.22,"body":"mention that Visma is spoiled"},{"speaker":"Robby Peralta","startTime":528.22,"endTime":529.9,"body":"because they have a spin on"},{"speaker":"Robby Peralta","startTime":528.22,"endTime":529.9,"body":"their teams that might that"},{"speaker":"Robby Peralta","startTime":529.9,"endTime":537.4,"body":"might help. But I have a"},{"speaker":"Robby Peralta","startTime":529.9,"endTime":537.4,"body":"question. It's pretty mean. But"},{"speaker":"Robby Peralta","startTime":537.4,"endTime":540.31,"body":"it's also based on another paper"},{"speaker":"Robby Peralta","startTime":537.4,"endTime":540.31,"body":"that you wrote, and it's called"},{"speaker":"Robby Peralta","startTime":540.34,"endTime":543.43,"body":"good enough security. What is"},{"speaker":"Robby Peralta","startTime":540.34,"endTime":543.43,"body":"good enough security?"},{"speaker":"Daniela Cruzes","startTime":545.29,"endTime":548.41,"body":"Maybe you can"},{"speaker":"Daniela Cruzes","startTime":545.29,"endTime":548.41,"body":"ask Espen first because he works"},{"speaker":"Daniela Cruzes","startTime":548.41,"endTime":548.92,"body":"with security"},{"speaker":"Espen Johansen","startTime":553.98,"endTime":556.74,"body":"This is about"},{"speaker":"Espen Johansen","startTime":553.98,"endTime":556.74,"body":"five years ago, Daniela was"},{"speaker":"Espen Johansen","startTime":556.74,"endTime":559.8,"body":"sitting in the office, I think"},{"speaker":"Espen Johansen","startTime":556.74,"endTime":559.8,"body":"it was in Oslo, and discussion"},{"speaker":"Espen Johansen","startTime":559.8,"endTime":563.4,"body":"with another one of the my"},{"speaker":"Espen Johansen","startTime":559.8,"endTime":563.4,"body":"colleague doctors that Alan and"},{"speaker":"Espen Johansen","startTime":563.4,"endTime":565.77,"body":"he asked the question, what is"},{"speaker":"Espen Johansen","startTime":563.4,"endTime":565.77,"body":"spiritual security? And he said,"},{"speaker":"Espen Johansen","startTime":565.77,"endTime":569.7,"body":"You don't know. And I think the"},{"speaker":"Espen Johansen","startTime":565.77,"endTime":569.7,"body":"actual answer is was basically"},{"speaker":"Espen Johansen","startTime":569.7,"endTime":574.44,"body":"we don't know, what is the"},{"speaker":"Espen Johansen","startTime":569.7,"endTime":574.44,"body":"absence? I think I think we"},{"speaker":"Espen Johansen","startTime":574.44,"endTime":578.13,"body":"actually have some evidence to"},{"speaker":"Espen Johansen","startTime":574.44,"endTime":578.13,"body":"suggest what is not good enough"},{"speaker":"Espen Johansen","startTime":578.13,"endTime":582.39,"body":"security. So if you look at some"},{"speaker":"Espen Johansen","startTime":578.13,"endTime":582.39,"body":"of the cases that has been in"},{"speaker":"Espen Johansen","startTime":582.39,"endTime":586.56,"body":"the media over the last four or"},{"speaker":"Espen Johansen","startTime":582.39,"endTime":586.56,"body":"five years, is you have some"},{"speaker":"Espen Johansen","startTime":586.56,"endTime":589.26,"body":"companies that has been"},{"speaker":"Espen Johansen","startTime":586.56,"endTime":589.26,"body":"breached, for instance. And"},{"speaker":"Espen Johansen","startTime":589.26,"endTime":592.44,"body":"these companies that have been"},{"speaker":"Espen Johansen","startTime":589.26,"endTime":592.44,"body":"breached or has been sued, and"},{"speaker":"Espen Johansen","startTime":592.44,"endTime":596.97,"body":"had had really hard consequences"},{"speaker":"Espen Johansen","startTime":592.44,"endTime":596.97,"body":"of that breach, and I was in"},{"speaker":"Espen Johansen","startTime":596.97,"endTime":600.72,"body":"evidence could suggest that they"},{"speaker":"Espen Johansen","startTime":596.97,"endTime":600.72,"body":"hadn't done enough security. And"},{"speaker":"Espen Johansen","startTime":600.72,"endTime":603.93,"body":"then other companies that has"},{"speaker":"Espen Johansen","startTime":600.72,"endTime":603.93,"body":"also suffered the same fate that"},{"speaker":"Espen Johansen","startTime":603.93,"endTime":607.71,"body":"has not been sued to that hasn't"},{"speaker":"Espen Johansen","startTime":603.93,"endTime":607.71,"body":"suffered really severe"},{"speaker":"Espen Johansen","startTime":607.71,"endTime":610.5,"body":"consequences with regards to the"},{"speaker":"Espen Johansen","startTime":607.71,"endTime":610.5,"body":"customers leaving them and stuff"},{"speaker":"Espen Johansen","startTime":610.5,"endTime":613.89,"body":"like that. So that could"},{"speaker":"Espen Johansen","startTime":610.5,"endTime":613.89,"body":"constitute some level of"},{"speaker":"Espen Johansen","startTime":613.89,"endTime":617.52,"body":"evidence to say that something"},{"speaker":"Espen Johansen","startTime":613.89,"endTime":617.52,"body":"is at least not enough. And what"},{"speaker":"Espen Johansen","startTime":617.52,"endTime":622.38,"body":"is then good, I would assume is"},{"speaker":"Espen Johansen","startTime":617.52,"endTime":622.38,"body":"the on the opposite end of what"},{"speaker":"Espen Johansen","startTime":622.38,"endTime":624.51,"body":"is not enough? Would you say?"},{"speaker":"Daniela Cruzes","startTime":625.74,"endTime":631.38,"body":"Yes. Yeah. And"},{"speaker":"Daniela Cruzes","startTime":625.74,"endTime":631.38,"body":"it's also about like, we have"},{"speaker":"Daniela Cruzes","startTime":631.38,"endTime":636.0,"body":"now we started especially, these"},{"speaker":"Daniela Cruzes","startTime":631.38,"endTime":636.0,"body":"are some activities that we see"},{"speaker":"Daniela Cruzes","startTime":636.0,"endTime":641.7,"body":"that influences the security in"},{"speaker":"Daniela Cruzes","startTime":636.0,"endTime":641.7,"body":"a good way. So then we see that"},{"speaker":"Daniela Cruzes","startTime":641.7,"endTime":645.27,"body":"like, teams that doesn't follow"},{"speaker":"Daniela Cruzes","startTime":641.7,"endTime":645.27,"body":"some of the things that the"},{"speaker":"Daniela Cruzes","startTime":645.27,"endTime":648.84,"body":"security program asked them to"},{"speaker":"Daniela Cruzes","startTime":645.27,"endTime":648.84,"body":"follow. When they go, for"},{"speaker":"Daniela Cruzes","startTime":648.84,"endTime":651.93,"body":"example, for a bug bounty"},{"speaker":"Daniela Cruzes","startTime":648.84,"endTime":651.93,"body":"program, they struggle much more"},{"speaker":"Daniela Cruzes","startTime":651.99,"endTime":658.95,"body":"than the teams that that did"},{"speaker":"Daniela Cruzes","startTime":651.99,"endTime":658.95,"body":"follow the mandate. That"},{"speaker":"Daniela Cruzes","startTime":658.95,"endTime":663.66,"body":"basically says, right, so then"},{"speaker":"Daniela Cruzes","startTime":658.95,"endTime":663.66,"body":"we have some evidence of that,"},{"speaker":"Daniela Cruzes","startTime":663.69,"endTime":667.17,"body":"that's like when the team's goes"},{"speaker":"Daniela Cruzes","startTime":663.69,"endTime":667.17,"body":"to the bug bounty program. And"},{"speaker":"Daniela Cruzes","startTime":667.17,"endTime":671.67,"body":"they didn't apply all the"},{"speaker":"Daniela Cruzes","startTime":667.17,"endTime":671.67,"body":"suggested like activities, that"},{"speaker":"Daniela Cruzes","startTime":671.67,"endTime":675.09,"body":"seems to be good for security to"},{"speaker":"Daniela Cruzes","startTime":671.67,"endTime":675.09,"body":"have a good enough security,"},{"speaker":"Daniela Cruzes","startTime":675.27,"endTime":676.32,"body":"they struggle much more."},{"speaker":"Espen Johansen","startTime":677.5,"endTime":679.51,"body":"I would agree to"},{"speaker":"Espen Johansen","startTime":677.5,"endTime":679.51,"body":"that. And we actually put that"},{"speaker":"Espen Johansen","startTime":679.51,"endTime":684.43,"body":"into monetary metrics, Daniela"},{"speaker":"Espen Johansen","startTime":679.51,"endTime":684.43,"body":"just last week. Because we built"},{"speaker":"Espen Johansen","startTime":684.43,"endTime":688.9,"body":"this median, the median payment"},{"speaker":"Espen Johansen","startTime":684.43,"endTime":688.9,"body":"that we do, on average, on a"},{"speaker":"Espen Johansen","startTime":688.9,"endTime":692.83,"body":"yearly basis for teams that are"},{"speaker":"Espen Johansen","startTime":688.9,"endTime":692.83,"body":"on the bug bounty, and the"},{"speaker":"Espen Johansen","startTime":692.83,"endTime":698.41,"body":"normal median is approximately"},{"speaker":"Espen Johansen","startTime":692.83,"endTime":698.41,"body":"$2,500 per year. But the"},{"speaker":"Espen Johansen","startTime":698.47,"endTime":701.05,"body":"outriggers, the ones who have"},{"speaker":"Espen Johansen","startTime":698.47,"endTime":701.05,"body":"not been through the entire"},{"speaker":"Espen Johansen","startTime":701.05,"endTime":704.83,"body":"program has not been kind of"},{"speaker":"Espen Johansen","startTime":701.05,"endTime":704.83,"body":"through the static analysis,"},{"speaker":"Espen Johansen","startTime":704.83,"endTime":709.06,"body":"dynamic testing, and all of the"},{"speaker":"Espen Johansen","startTime":704.83,"endTime":709.06,"body":"normal things that we do, to the"},{"speaker":"Espen Johansen","startTime":709.06,"endTime":714.31,"body":"most extreme outrigger had about"},{"speaker":"Espen Johansen","startTime":709.06,"endTime":714.31,"body":"$75,000 in a month in bounties."},{"speaker":"Espen Johansen","startTime":714.55,"endTime":717.16,"body":"So you can see there's a"},{"speaker":"Espen Johansen","startTime":714.55,"endTime":717.16,"body":"dramatic difference in the"},{"speaker":"Espen Johansen","startTime":717.16,"endTime":721.18,"body":"actual spending on bug bounty,"},{"speaker":"Espen Johansen","startTime":717.16,"endTime":721.18,"body":"based on when the program or"},{"speaker":"Espen Johansen","startTime":721.18,"endTime":724.57,"body":"outside the program. So I'm"},{"speaker":"Espen Johansen","startTime":721.18,"endTime":724.57,"body":"really hoping to kind of show"},{"speaker":"Espen Johansen","startTime":724.57,"endTime":727.57,"body":"these figures, let's let's give"},{"speaker":"Espen Johansen","startTime":724.57,"endTime":727.57,"body":"it a year or two more when we"},{"speaker":"Espen Johansen","startTime":727.57,"endTime":731.17,"body":"have more data in so and then we"},{"speaker":"Espen Johansen","startTime":727.57,"endTime":731.17,"body":"can try to do more experiments,"},{"speaker":"Espen Johansen","startTime":731.17,"endTime":734.68,"body":"Daniel, if you want that. So"},{"speaker":"Espen Johansen","startTime":731.17,"endTime":734.68,"body":"throw someone in a bit early, I"},{"speaker":"Espen Johansen","startTime":734.68,"endTime":735.4,"body":"can see what happens."},{"speaker":"Robby Peralta","startTime":735.97,"endTime":737.41,"body":"So if I just"},{"speaker":"Robby Peralta","startTime":735.97,"endTime":737.41,"body":"understood you correctly, you"},{"speaker":"Robby Peralta","startTime":737.41,"endTime":742.3,"body":"said that the average cost of"},{"speaker":"Robby Peralta","startTime":737.41,"endTime":742.3,"body":"fixing something for for a bug"},{"speaker":"Robby Peralta","startTime":742.3,"endTime":744.61,"body":"in a system that's gone through"},{"speaker":"Robby Peralta","startTime":742.3,"endTime":744.61,"body":"static analysis and all these"},{"speaker":"Robby Peralta","startTime":744.61,"endTime":747.88,"body":"steps you put in place that was"},{"speaker":"Robby Peralta","startTime":744.61,"endTime":747.88,"body":"a lot lower than the bug bounty"},{"speaker":"Robby Peralta","startTime":747.88,"endTime":750.13,"body":"cost that you had for a system"},{"speaker":"Robby Peralta","startTime":747.88,"endTime":750.13,"body":"that didn't go through all those"},{"speaker":"Robby Peralta","startTime":750.13,"endTime":751.0,"body":"steps without you just said,"},{"speaker":"Espen Johansen","startTime":751.51,"endTime":754.75,"body":"Yeah, I still"},{"speaker":"Espen Johansen","startTime":751.51,"endTime":754.75,"body":"have inconsistent data would"},{"speaker":"Espen Johansen","startTime":754.75,"endTime":758.59,"body":"say, but it's at least from our"},{"speaker":"Espen Johansen","startTime":754.75,"endTime":758.59,"body":"data so far, we can see that"},{"speaker":"Espen Johansen","startTime":758.59,"endTime":762.91,"body":"there is an average cost for a"},{"speaker":"Espen Johansen","startTime":758.59,"endTime":762.91,"body":"team in bug bounty that is quite"},{"speaker":"Espen Johansen","startTime":762.91,"endTime":767.26,"body":"static, it's quite, it's quite"},{"speaker":"Espen Johansen","startTime":762.91,"endTime":767.26,"body":"static around $2,500 per year."},{"speaker":"Espen Johansen","startTime":767.86,"endTime":770.68,"body":"But when you use new services"},{"speaker":"Espen Johansen","startTime":767.86,"endTime":770.68,"body":"that hasn't been through the"},{"speaker":"Espen Johansen","startTime":770.68,"endTime":773.68,"body":"entire program, it might be"},{"speaker":"Espen Johansen","startTime":770.68,"endTime":773.68,"body":"because of some kind of"},{"speaker":"Espen Johansen","startTime":774.64,"endTime":777.4,"body":"political decision we want to"},{"speaker":"Espen Johansen","startTime":774.64,"endTime":777.4,"body":"make. We want to enroll someone"},{"speaker":"Espen Johansen","startTime":777.4,"endTime":780.64,"body":"really fast to supercharge them,"},{"speaker":"Espen Johansen","startTime":777.4,"endTime":780.64,"body":"which is a good thing we do for"},{"speaker":"Espen Johansen","startTime":780.64,"endTime":783.85,"body":"some teams, then we are prepared"},{"speaker":"Espen Johansen","startTime":780.64,"endTime":783.85,"body":"to pick up the cost of Messina,"},{"speaker":"Espen Johansen","startTime":783.85,"endTime":787.33,"body":"the cost of these teams are"},{"speaker":"Espen Johansen","startTime":783.85,"endTime":787.33,"body":"significantly higher in the"},{"speaker":"Espen Johansen","startTime":787.33,"endTime":790.33,"body":"first months than the ones who"},{"speaker":"Espen Johansen","startTime":787.33,"endTime":790.33,"body":"have been through this maturing"},{"speaker":"Espen Johansen","startTime":790.33,"endTime":794.77,"body":"face. So we have hard evidence"},{"speaker":"Espen Johansen","startTime":790.33,"endTime":794.77,"body":"right now. But we will get more"},{"speaker":"Espen Johansen","startTime":794.77,"endTime":797.68,"body":"evidence over the years to come,"},{"speaker":"Espen Johansen","startTime":794.77,"endTime":797.68,"body":"I would guess."},{"speaker":"Daniela Cruzes","startTime":798.36,"endTime":801.06,"body":"So when we say"},{"speaker":"Daniela Cruzes","startTime":798.36,"endTime":801.06,"body":"about like costs, we mean that"},{"speaker":"Daniela Cruzes","startTime":801.06,"endTime":803.97,"body":"the number of bugs and the"},{"speaker":"Daniela Cruzes","startTime":801.06,"endTime":803.97,"body":"severity of the bugs that were"},{"speaker":"Daniela Cruzes","startTime":803.97,"endTime":808.05,"body":"found in these teams are much"},{"speaker":"Daniela Cruzes","startTime":803.97,"endTime":808.05,"body":"higher than the teams that have"},{"speaker":"Daniela Cruzes","startTime":808.05,"endTime":811.44,"body":"gone through the program and"},{"speaker":"Daniela Cruzes","startTime":808.05,"endTime":811.44,"body":"tried to find these security"},{"speaker":"Daniela Cruzes","startTime":811.44,"endTime":814.95,"body":"problems before it went to"},{"speaker":"Daniela Cruzes","startTime":811.44,"endTime":814.95,"body":"production or went to the bug"},{"speaker":"Daniela Cruzes","startTime":814.95,"endTime":816.33,"body":"bounty program."},{"speaker":"Espen Johansen","startTime":817.71,"endTime":819.87,"body":"Remember, we had"},{"speaker":"Espen Johansen","startTime":817.71,"endTime":819.87,"body":"some talks earlier than Daniela,"},{"speaker":"Espen Johansen","startTime":819.9,"endTime":822.81,"body":"we had some kind of challenges,"},{"speaker":"Espen Johansen","startTime":819.9,"endTime":822.81,"body":"who should be challenged this"},{"speaker":"Espen Johansen","startTime":822.84,"endTime":828.21,"body":"this, this shift left kind of"},{"speaker":"Espen Johansen","startTime":822.84,"endTime":828.21,"body":"orientation to the challenges"},{"speaker":"Espen Johansen","startTime":828.21,"endTime":831.45,"body":"and just drop all the static"},{"speaker":"Espen Johansen","startTime":828.21,"endTime":831.45,"body":"analysis, dynamic testing and"},{"speaker":"Espen Johansen","startTime":831.45,"endTime":834.54,"body":"all that stuff. And just hurl"},{"speaker":"Espen Johansen","startTime":831.45,"endTime":834.54,"body":"everything at bug bounty"},{"speaker":"Espen Johansen","startTime":834.54,"endTime":839.34,"body":"immediately. So but the actual"},{"speaker":"Espen Johansen","startTime":834.54,"endTime":839.34,"body":"cost for risk might be lower."},{"speaker":"Espen Johansen","startTime":839.82,"endTime":843.96,"body":"And my, my observation so far is"},{"speaker":"Espen Johansen","startTime":839.82,"endTime":843.96,"body":"Hell no, it will be much higher."},{"speaker":"Espen Johansen","startTime":844.32,"endTime":850.17,"body":"So the actual actual qualifying"},{"speaker":"Espen Johansen","startTime":844.32,"endTime":850.17,"body":"things that we do in the"},{"speaker":"Espen Johansen","startTime":850.17,"endTime":853.38,"body":"beginning, but the security self"},{"speaker":"Espen Johansen","startTime":850.17,"endTime":853.38,"body":"assessment, this disaster, last"},{"speaker":"Espen Johansen","startTime":853.38,"endTime":855.57,"body":"thing, the cyber threat"},{"speaker":"Espen Johansen","startTime":853.38,"endTime":855.57,"body":"intelligence, the kind of"},{"speaker":"Espen Johansen","startTime":855.63,"endTime":859.47,"body":"penetration testing all that"},{"speaker":"Espen Johansen","startTime":855.63,"endTime":859.47,"body":"stuff. It prepares them for the"},{"speaker":"Espen Johansen","startTime":859.47,"endTime":863.4,"body":"dynamic battlefield that are"},{"speaker":"Espen Johansen","startTime":859.47,"endTime":863.4,"body":"about to enter. So I still"},{"speaker":"Espen Johansen","startTime":864.09,"endTime":868.83,"body":"strongly believe that the data"},{"speaker":"Espen Johansen","startTime":864.09,"endTime":868.83,"body":"supports us that the sdlc should"},{"speaker":"Espen Johansen","startTime":868.83,"endTime":872.4,"body":"be oriented against shift left."},{"speaker":"Espen Johansen","startTime":868.83,"endTime":872.4,"body":"But I haven't experimented"},{"speaker":"Espen Johansen","startTime":872.43,"endTime":875.76,"body":"enough to be conclusive yet."},{"speaker":"Espen Johansen","startTime":872.43,"endTime":875.76,"body":"danella to be fun to see if we"},{"speaker":"Espen Johansen","startTime":875.76,"endTime":878.28,"body":"could just take a couple of"},{"speaker":"Espen Johansen","startTime":875.76,"endTime":878.28,"body":"teams directly off the bug"},{"speaker":"Espen Johansen","startTime":878.28,"endTime":882.0,"body":"bounty, scrap all the others"},{"speaker":"Espen Johansen","startTime":878.28,"endTime":882.0,"body":"just pour them in and see what"},{"speaker":"Espen Johansen","startTime":882.0,"endTime":884.76,"body":"happens. But I'm not sure if I"},{"speaker":"Espen Johansen","startTime":882.0,"endTime":884.76,"body":"have the money to do that."},{"speaker":"Daniela Cruzes","startTime":889.98,"endTime":892.74,"body":"that is also not"},{"speaker":"Daniela Cruzes","startTime":889.98,"endTime":892.74,"body":"the not only the immediate"},{"speaker":"Daniela Cruzes","startTime":892.77,"endTime":898.11,"body":"effect of this, but I think that"},{"speaker":"Daniela Cruzes","startTime":892.77,"endTime":898.11,"body":"what visma also gains by"},{"speaker":"Daniela Cruzes","startTime":898.2,"endTime":901.47,"body":"exposing the teams to so many"},{"speaker":"Daniela Cruzes","startTime":898.2,"endTime":901.47,"body":"Security activities, and now"},{"speaker":"Daniela Cruzes","startTime":901.47,"endTime":906.27,"body":"arenas and so on, is that by"},{"speaker":"Daniela Cruzes","startTime":901.47,"endTime":906.27,"body":"like thinking of long term, they"},{"speaker":"Daniela Cruzes","startTime":906.27,"endTime":909.66,"body":"will always perform good, right?"},{"speaker":"Daniela Cruzes","startTime":906.27,"endTime":909.66,"body":"So the more they know, the less"},{"speaker":"Daniela Cruzes","startTime":909.66,"endTime":912.54,"body":"they are going to commit"},{"speaker":"Daniela Cruzes","startTime":909.66,"endTime":912.54,"body":"mistakes. And if you just like"},{"speaker":"Daniela Cruzes","startTime":912.54,"endTime":915.96,"body":"expose them to a bug mounting"},{"speaker":"Daniela Cruzes","startTime":912.54,"endTime":915.96,"body":"how much they learn out of that,"},{"speaker":"Daniela Cruzes","startTime":916.05,"endTime":918.87,"body":"right? And how much they learn"},{"speaker":"Daniela Cruzes","startTime":916.05,"endTime":918.87,"body":"to prevent these things to"},{"speaker":"Daniela Cruzes","startTime":918.87,"endTime":920.16,"body":"happen? I don't know."},{"speaker":"Robby Peralta","startTime":920.82,"endTime":922.26,"body":"So let's say"},{"speaker":"Robby Peralta","startTime":920.82,"endTime":922.26,"body":"you're one of them, you're an IT"},{"speaker":"Robby Peralta","startTime":922.26,"endTime":924.87,"body":"managers in charge of security,"},{"speaker":"Robby Peralta","startTime":922.26,"endTime":924.87,"body":"or you're ahead of the product."},{"speaker":"Robby Peralta","startTime":925.26,"endTime":927.78,"body":"And you don't have a bug bounty"},{"speaker":"Robby Peralta","startTime":925.26,"endTime":927.78,"body":"program, you're not there yet."},{"speaker":"Robby Peralta","startTime":928.29,"endTime":930.81,"body":"What and you can only choose"},{"speaker":"Robby Peralta","startTime":928.29,"endTime":930.81,"body":"like one or two things you could"},{"speaker":"Robby Peralta","startTime":930.81,"endTime":932.91,"body":"do, would it be like static"},{"speaker":"Robby Peralta","startTime":930.81,"endTime":932.91,"body":"analysis? Or would it be"},{"speaker":"Robby Peralta","startTime":932.91,"endTime":935.91,"body":"training your developers? What"},{"speaker":"Robby Peralta","startTime":932.91,"endTime":935.91,"body":"What would you like your first"},{"speaker":"Robby Peralta","startTime":935.91,"endTime":938.37,"body":"focus be? Would you start all"},{"speaker":"Robby Peralta","startTime":935.91,"endTime":938.37,"body":"the way left and just okay, I'm"},{"speaker":"Robby Peralta","startTime":938.37,"endTime":940.47,"body":"not gonna scan any of our code."},{"speaker":"Robby Peralta","startTime":938.37,"endTime":940.47,"body":"I'm not going to do that that,"},{"speaker":"Robby Peralta","startTime":940.47,"endTime":943.17,"body":"we're just gonna train our"},{"speaker":"Robby Peralta","startTime":940.47,"endTime":943.17,"body":"developers to write secure code,"},{"speaker":"Robby Peralta","startTime":943.65,"endTime":946.35,"body":"or would you actually put in"},{"speaker":"Robby Peralta","startTime":943.65,"endTime":946.35,"body":"like, you know, static analysis,"},{"speaker":"Robby Peralta","startTime":946.35,"endTime":949.56,"body":"dynamic analysis and go for"},{"speaker":"Robby Peralta","startTime":946.35,"endTime":949.56,"body":"tools, if you had to choose like"},{"speaker":"Robby Peralta","startTime":949.56,"endTime":950.37,"body":"one or two things,"},{"speaker":"Espen Johansen","startTime":952.35,"endTime":954.93,"body":"I could at least"},{"speaker":"Espen Johansen","startTime":952.35,"endTime":954.93,"body":"kind of consider some of that."},{"speaker":"Espen Johansen","startTime":955.17,"endTime":957.84,"body":"So it'd be kind of in the use"},{"speaker":"Espen Johansen","startTime":955.17,"endTime":957.84,"body":"case, you're describing Robby,"},{"speaker":"Espen Johansen","startTime":957.84,"endTime":960.27,"body":"now you're discussing someone"},{"speaker":"Espen Johansen","startTime":957.84,"endTime":960.27,"body":"who's going to cloud, you know,"},{"speaker":"Espen Johansen","startTime":960.27,"endTime":964.44,"body":"kind of, let's say, Azure, or"},{"speaker":"Espen Johansen","startTime":960.27,"endTime":964.44,"body":"Amazon, or deploying their, if"},{"speaker":"Espen Johansen","startTime":964.44,"endTime":968.49,"body":"they are kind of a slim, small"},{"speaker":"Espen Johansen","startTime":964.44,"endTime":968.49,"body":"company, four to five developers"},{"speaker":"Espen Johansen","startTime":968.49,"endTime":971.85,"body":"kind of a mentor to. So why not"},{"speaker":"Espen Johansen","startTime":968.49,"endTime":971.85,"body":"just use the the tech stack"},{"speaker":"Espen Johansen","startTime":971.85,"endTime":974.97,"body":"that's available cloud native,"},{"speaker":"Espen Johansen","startTime":971.85,"endTime":974.97,"body":"because both Amazon and Azure"},{"speaker":"Espen Johansen","startTime":974.97,"endTime":978.0,"body":"actually have both, both static"},{"speaker":"Espen Johansen","startTime":974.97,"endTime":978.0,"body":"analysis, dynamic testing, they"},{"speaker":"Espen Johansen","startTime":978.0,"endTime":980.94,"body":"have all of these features"},{"speaker":"Espen Johansen","startTime":978.0,"endTime":980.94,"body":"inside. If they develop the code"},{"speaker":"Espen Johansen","startTime":980.94,"endTime":984.09,"body":"and GitHub, they have all the"},{"speaker":"Espen Johansen","startTime":980.94,"endTime":984.09,"body":"kind of bells and whistles there"},{"speaker":"Espen Johansen","startTime":984.09,"endTime":986.97,"body":"already. So you'll see why they"},{"speaker":"Espen Johansen","startTime":984.09,"endTime":986.97,"body":"shouldn't do it, because most of"},{"speaker":"Espen Johansen","startTime":986.97,"endTime":991.47,"body":"it is really, really low cost."},{"speaker":"Espen Johansen","startTime":986.97,"endTime":991.47,"body":"But when it comes to kind of,"},{"speaker":"Espen Johansen","startTime":991.8,"endTime":995.76,"body":"it's depending on the market,"},{"speaker":"Espen Johansen","startTime":991.8,"endTime":995.76,"body":"again, some customers demand you"},{"speaker":"Espen Johansen","startTime":995.76,"endTime":998.67,"body":"to do an external third party"},{"speaker":"Espen Johansen","startTime":995.76,"endTime":998.67,"body":"validation. And they have quite"},{"speaker":"Espen Johansen","startTime":998.67,"endTime":1002.72,"body":"strict requirements to what that"},{"speaker":"Espen Johansen","startTime":998.67,"endTime":1002.72,"body":"is. And I always, whenever some"},{"speaker":"Espen Johansen","startTime":1002.72,"endTime":1005.57,"body":"of my teams or some of the teams"},{"speaker":"Espen Johansen","startTime":1002.72,"endTime":1005.57,"body":"this last minute question, and I"},{"speaker":"Espen Johansen","startTime":1005.57,"endTime":1010.22,"body":"get this question several times"},{"speaker":"Espen Johansen","startTime":1005.57,"endTime":1010.22,"body":"a week, it is which, but I need"},{"speaker":"Espen Johansen","startTime":1010.22,"endTime":1012.95,"body":"to do a pen test, because then"},{"speaker":"Espen Johansen","startTime":1010.22,"endTime":1012.95,"body":"there's some customer needs to"},{"speaker":"Espen Johansen","startTime":1012.95,"endTime":1016.31,"body":"have some kind of report that"},{"speaker":"Espen Johansen","startTime":1012.95,"endTime":1016.31,"body":"shows that we have done this. So"},{"speaker":"Espen Johansen","startTime":1016.31,"endTime":1019.7,"body":"who should I contact. So I've"},{"speaker":"Espen Johansen","startTime":1016.31,"endTime":1019.7,"body":"learned that every country has"},{"speaker":"Espen Johansen","startTime":1019.7,"endTime":1022.7,"body":"their own kind of best practice,"},{"speaker":"Espen Johansen","startTime":1019.7,"endTime":1022.7,"body":"there is a couple of companies"},{"speaker":"Espen Johansen","startTime":1022.7,"endTime":1025.67,"body":"in Norway mnemonic being one of"},{"speaker":"Espen Johansen","startTime":1022.7,"endTime":1025.67,"body":"them that I recommend. And"},{"speaker":"Espen Johansen","startTime":1025.67,"endTime":1028.22,"body":"there's a couple of companies in"},{"speaker":"Espen Johansen","startTime":1025.67,"endTime":1028.22,"body":"Finland, Sweden, Denmark,"},{"speaker":"Espen Johansen","startTime":1028.22,"endTime":1031.76,"body":"Netherlands, Lithuania and all"},{"speaker":"Espen Johansen","startTime":1028.22,"endTime":1031.76,"body":"the others, all countries seems"},{"speaker":"Espen Johansen","startTime":1031.76,"endTime":1035.96,"body":"to have some kind of thing that"},{"speaker":"Espen Johansen","startTime":1031.76,"endTime":1035.96,"body":"gives credibility. But the only"},{"speaker":"Espen Johansen","startTime":1035.96,"endTime":1039.8,"body":"advice I give everybody is do"},{"speaker":"Espen Johansen","startTime":1035.96,"endTime":1039.8,"body":"never, under any circumstance,"},{"speaker":"Espen Johansen","startTime":1039.83,"endTime":1043.49,"body":"let them only test the surface,"},{"speaker":"Espen Johansen","startTime":1039.83,"endTime":1043.49,"body":"give them credentials, let them"},{"speaker":"Espen Johansen","startTime":1043.49,"endTime":1047.21,"body":"crawl on the inside. Because if"},{"speaker":"Espen Johansen","startTime":1043.49,"endTime":1047.21,"body":"you just do kind of surface"},{"speaker":"Espen Johansen","startTime":1047.21,"endTime":1050.21,"body":"test, the only thing you're"},{"speaker":"Espen Johansen","startTime":1047.21,"endTime":1050.21,"body":"testing in the cloud is the kind"},{"speaker":"Espen Johansen","startTime":1050.21,"endTime":1054.44,"body":"of the outer hard shell of"},{"speaker":"Espen Johansen","startTime":1050.21,"endTime":1054.44,"body":"Amazon and Azure, why bother"},{"speaker":"Espen Johansen","startTime":1054.44,"endTime":1058.37,"body":"pretty hard. These guys they"},{"speaker":"Espen Johansen","startTime":1054.44,"endTime":1058.37,"body":"know what they're doing. So they"},{"speaker":"Espen Johansen","startTime":1058.37,"endTime":1061.4,"body":"think you actually want to test"},{"speaker":"Espen Johansen","startTime":1058.37,"endTime":1061.4,"body":"is the inside of the code is"},{"speaker":"Espen Johansen","startTime":1061.4,"endTime":1064.64,"body":"your own logic. And that means"},{"speaker":"Espen Johansen","startTime":1061.4,"endTime":1064.64,"body":"that you have to open up that"},{"speaker":"Espen Johansen","startTime":1064.64,"endTime":1069.59,"body":"kind of perspective. ."},{"speaker":"Espen Johansen","startTime":1073.57,"endTime":1076.63,"body":"So really free thing that you"},{"speaker":"Espen Johansen","startTime":1073.57,"endTime":1076.63,"body":"can do is just write the words"},{"speaker":"Espen Johansen","startTime":1076.63,"endTime":1080.5,"body":"responsible disclosure on your,"},{"speaker":"Espen Johansen","startTime":1076.63,"endTime":1080.5,"body":"on your webpage, just do that."},{"speaker":"Espen Johansen","startTime":1080.86,"endTime":1083.83,"body":"Just responsible disclosure,"},{"speaker":"Espen Johansen","startTime":1080.86,"endTime":1083.83,"body":"feel free to copy the kind of"},{"speaker":"Espen Johansen","startTime":1083.83,"endTime":1086.17,"body":"words that we have used this"},{"speaker":"Espen Johansen","startTime":1083.83,"endTime":1086.17,"body":"month, it's out there, just"},{"speaker":"Espen Johansen","startTime":1086.2,"endTime":1089.08,"body":"browse, just search for"},{"speaker":"Espen Johansen","startTime":1086.2,"endTime":1089.08,"body":"Responsible disclosure and and"},{"speaker":"Espen Johansen","startTime":1089.08,"endTime":1092.47,"body":"investment, you can find our"},{"speaker":"Espen Johansen","startTime":1089.08,"endTime":1092.47,"body":"policy just copied and rename it"},{"speaker":"Espen Johansen","startTime":1092.47,"endTime":1098.68,"body":"for me on purpose. But please"},{"speaker":"Espen Johansen","startTime":1092.47,"endTime":1098.68,"body":"replace our PGP key. Don't use"},{"speaker":"Espen Johansen","startTime":1098.68,"endTime":1101.98,"body":"my email address less stuff. But"},{"speaker":"Espen Johansen","startTime":1098.68,"endTime":1101.98,"body":"it because that will give you at"},{"speaker":"Espen Johansen","startTime":1101.98,"endTime":1106.51,"body":"least some external validation."},{"speaker":"Espen Johansen","startTime":1101.98,"endTime":1106.51,"body":"And you can get some young,"},{"speaker":"Espen Johansen","startTime":1107.11,"endTime":1110.41,"body":"aspiring people who would like"},{"speaker":"Espen Johansen","startTime":1107.11,"endTime":1110.41,"body":"to train their own skills and"},{"speaker":"Espen Johansen","startTime":1110.41,"endTime":1112.81,"body":"test their abilities, they will"},{"speaker":"Espen Johansen","startTime":1110.41,"endTime":1112.81,"body":"offer their time and they will"},{"speaker":"Espen Johansen","startTime":1112.81,"endTime":1116.32,"body":"give you lots of good feedback"},{"speaker":"Espen Johansen","startTime":1112.81,"endTime":1116.32,"body":"and choose some pen testers, if"},{"speaker":"Espen Johansen","startTime":1116.32,"endTime":1119.23,"body":"you want to be validated that"},{"speaker":"Espen Johansen","startTime":1116.32,"endTime":1119.23,"body":"whatever you do, let them in,"},{"speaker":"Espen Johansen","startTime":1119.32,"endTime":1122.32,"body":"don't just let them test the"},{"speaker":"Espen Johansen","startTime":1119.32,"endTime":1122.32,"body":"outside. It's not nice."},{"speaker":"Daniela Cruzes","startTime":1124.43,"endTime":1127.4,"body":"Yeah, to me, it"},{"speaker":"Daniela Cruzes","startTime":1124.43,"endTime":1127.4,"body":"goes back again to the question"},{"speaker":"Daniela Cruzes","startTime":1127.4,"endTime":1130.61,"body":"that you had about what's good"},{"speaker":"Daniela Cruzes","startTime":1127.4,"endTime":1130.61,"body":"enough security. And I think"},{"speaker":"Daniela Cruzes","startTime":1130.61,"endTime":1134.78,"body":"that that is a lot has to be"},{"speaker":"Daniela Cruzes","startTime":1130.61,"endTime":1134.78,"body":"based on the risks that you"},{"speaker":"Daniela Cruzes","startTime":1134.78,"endTime":1137.78,"body":"think that you are facing. And"},{"speaker":"Daniela Cruzes","startTime":1134.78,"endTime":1137.78,"body":"for each company, it will be"},{"speaker":"Daniela Cruzes","startTime":1137.78,"endTime":1141.23,"body":"different. So then they have we"},{"speaker":"Daniela Cruzes","startTime":1137.78,"endTime":1141.23,"body":"have to think about like, Okay,"},{"speaker":"Daniela Cruzes","startTime":1141.23,"endTime":1144.53,"body":"what are the risks that my"},{"speaker":"Daniela Cruzes","startTime":1141.23,"endTime":1144.53,"body":"product is facing, or it's"},{"speaker":"Daniela Cruzes","startTime":1144.56,"endTime":1147.77,"body":"what's the risk that it will"},{"speaker":"Daniela Cruzes","startTime":1144.56,"endTime":1147.77,"body":"face in one year. So then what's"},{"speaker":"Daniela Cruzes","startTime":1147.77,"endTime":1150.11,"body":"the best thing and what's the"},{"speaker":"Daniela Cruzes","startTime":1147.77,"endTime":1150.11,"body":"most important thing that I have"},{"speaker":"Daniela Cruzes","startTime":1150.11,"endTime":1154.91,"body":"to do? So then, if your main"},{"speaker":"Daniela Cruzes","startTime":1150.11,"endTime":1154.91,"body":"risk that you find out is that"},{"speaker":"Daniela Cruzes","startTime":1154.91,"endTime":1158.03,"body":"you are going to have problems"},{"speaker":"Daniela Cruzes","startTime":1154.91,"endTime":1158.03,"body":"with GDPR, for example, and you"},{"speaker":"Daniela Cruzes","startTime":1158.03,"endTime":1162.44,"body":"have a lot of sensitive data,"},{"speaker":"Daniela Cruzes","startTime":1158.03,"endTime":1162.44,"body":"then if you don't have a static"},{"speaker":"Daniela Cruzes","startTime":1162.44,"endTime":1165.92,"body":"analysis tools running to take"},{"speaker":"Daniela Cruzes","startTime":1162.44,"endTime":1165.92,"body":"to take at least the top 10 or"},{"speaker":"Daniela Cruzes","startTime":1165.92,"endTime":1170.6,"body":"asked issues, you know, at least"},{"speaker":"Daniela Cruzes","startTime":1165.92,"endTime":1170.6,"body":"covered, then you are going to"},{"speaker":"Daniela Cruzes","startTime":1170.6,"endTime":1173.84,"body":"have a big problem. And that's a"},{"speaker":"Daniela Cruzes","startTime":1170.6,"endTime":1173.84,"body":"big risk. But if you don't have"},{"speaker":"Daniela Cruzes","startTime":1173.84,"endTime":1177.71,"body":"much sensitive data, and then"},{"speaker":"Daniela Cruzes","startTime":1173.84,"endTime":1177.71,"body":"you're not going to have so many"},{"speaker":"Daniela Cruzes","startTime":1177.71,"endTime":1180.86,"body":"problems with if you don't think"},{"speaker":"Daniela Cruzes","startTime":1177.71,"endTime":1180.86,"body":"that you're going to have"},{"speaker":"Daniela Cruzes","startTime":1180.86,"endTime":1183.89,"body":"problems if the top 10 will ask"},{"speaker":"Daniela Cruzes","startTime":1180.86,"endTime":1183.89,"body":"and your corporate quite well"},{"speaker":"Daniela Cruzes","startTime":1183.89,"endTime":1187.07,"body":"and your team is quite good on"},{"speaker":"Daniela Cruzes","startTime":1183.89,"endTime":1187.07,"body":"doing that already. Or they're"},{"speaker":"Daniela Cruzes","startTime":1187.07,"endTime":1190.64,"body":"quite educated already about"},{"speaker":"Daniela Cruzes","startTime":1187.07,"endTime":1190.64,"body":"that because you know, the"},{"speaker":"Daniela Cruzes","startTime":1190.64,"endTime":1194.15,"body":"majority of them that they know"},{"speaker":"Daniela Cruzes","startTime":1190.64,"endTime":1194.15,"body":"that they are not going to, to"},{"speaker":"Daniela Cruzes","startTime":1194.54,"endTime":1198.26,"body":"to do those issues. Maybe we"},{"speaker":"Daniela Cruzes","startTime":1194.54,"endTime":1198.26,"body":"want to focus on a penetration"},{"speaker":"Daniela Cruzes","startTime":1198.29,"endTime":1202.64,"body":"testing. That's going to be"},{"speaker":"Daniela Cruzes","startTime":1198.29,"endTime":1202.64,"body":"better for your for your team to"},{"speaker":"Daniela Cruzes","startTime":1202.64,"endTime":1206.12,"body":"learn more about like where they"},{"speaker":"Daniela Cruzes","startTime":1202.64,"endTime":1206.12,"body":"are not good enough, right?"},{"speaker":"Espen Johansen","startTime":1207.32,"endTime":1210.92,"body":"Yeah, I could"},{"speaker":"Espen Johansen","startTime":1207.32,"endTime":1210.92,"body":"also argue that if you also add"},{"speaker":"Espen Johansen","startTime":1210.92,"endTime":1213.71,"body":"one more thing, it is the the"},{"speaker":"Espen Johansen","startTime":1210.92,"endTime":1213.71,"body":"actual perceived threat against"},{"speaker":"Espen Johansen","startTime":1213.71,"endTime":1217.85,"body":"you. I believe that's a factor"},{"speaker":"Espen Johansen","startTime":1213.71,"endTime":1217.85,"body":"of your clients. So if you're"},{"speaker":"Espen Johansen","startTime":1217.85,"endTime":1220.67,"body":"developing application to, to"},{"speaker":"Espen Johansen","startTime":1217.85,"endTime":1220.67,"body":"manage hairdressing"},{"speaker":"Espen Johansen","startTime":1220.67,"endTime":1224.24,"body":"appointments, and you're"},{"speaker":"Espen Johansen","startTime":1220.67,"endTime":1224.24,"body":"planning on selling that to"},{"speaker":"Espen Johansen","startTime":1224.24,"endTime":1227.09,"body":"normal hairdressing salons, you"},{"speaker":"Espen Johansen","startTime":1224.24,"endTime":1227.09,"body":"probably will not have the same"},{"speaker":"Espen Johansen","startTime":1228.41,"endTime":1232.73,"body":"kind of risk from from hackers"},{"speaker":"Espen Johansen","startTime":1228.41,"endTime":1232.73,"body":"from American or Russian or"},{"speaker":"Espen Johansen","startTime":1232.73,"endTime":1235.61,"body":"Chinese intelligence, as you"},{"speaker":"Espen Johansen","startTime":1232.73,"endTime":1235.61,"body":"would have if your application"},{"speaker":"Espen Johansen","startTime":1235.61,"endTime":1239.36,"body":"is being developed to, to being"},{"speaker":"Espen Johansen","startTime":1235.61,"endTime":1239.36,"body":"used by for instance, in a"},{"speaker":"Espen Johansen","startTime":1239.36,"endTime":1243.08,"body":"region app for for tracking,"},{"speaker":"Espen Johansen","startTime":1239.36,"endTime":1243.08,"body":"contagion, stuff like that. So"},{"speaker":"Espen Johansen","startTime":1243.74,"endTime":1246.59,"body":"depending on your use case, and"},{"speaker":"Espen Johansen","startTime":1243.74,"endTime":1246.59,"body":"the customers and the data will"},{"speaker":"Espen Johansen","startTime":1246.59,"endTime":1250.01,"body":"have inside, just have to figure"},{"speaker":"Espen Johansen","startTime":1246.59,"endTime":1250.01,"body":"out what's best for you. If If"},{"speaker":"Espen Johansen","startTime":1250.01,"endTime":1253.82,"body":"you feel that you're really,"},{"speaker":"Espen Johansen","startTime":1250.01,"endTime":1253.82,"body":"really harm's way, and you have"},{"speaker":"Espen Johansen","startTime":1253.85,"endTime":1256.82,"body":"to expect visits from some"},{"speaker":"Espen Johansen","startTime":1253.85,"endTime":1256.82,"body":"nation states or some rascals to"},{"speaker":"Espen Johansen","startTime":1256.82,"endTime":1260.6,"body":"they call them, then you should"},{"speaker":"Espen Johansen","startTime":1256.82,"endTime":1260.6,"body":"do the entire stack just do full"},{"speaker":"Espen Johansen","startTime":1260.6,"endTime":1265.07,"body":"Monday. But it is only only"},{"speaker":"Espen Johansen","startTime":1260.6,"endTime":1265.07,"body":"kiddies that's gonna take you,"},{"speaker":"Espen Johansen","startTime":1265.52,"endTime":1267.41,"body":"then you can do less of it."},{"speaker":"Daniela Cruzes","startTime":1268.46,"endTime":1271.34,"body":"And like these"},{"speaker":"Daniela Cruzes","startTime":1268.46,"endTime":1271.34,"body":"little demystifies, perfection,"},{"speaker":"Daniela Cruzes","startTime":1271.49,"endTime":1275.06,"body":"we also have to be aware that"},{"speaker":"Daniela Cruzes","startTime":1271.49,"endTime":1275.06,"body":"the risk changes all the time."},{"speaker":"Daniela Cruzes","startTime":1275.09,"endTime":1278.75,"body":"So then it cannot be like, oh,"},{"speaker":"Daniela Cruzes","startTime":1275.09,"endTime":1278.75,"body":"today I evaluated and it was"},{"speaker":"Daniela Cruzes","startTime":1278.75,"endTime":1281.0,"body":"fine. We don't need to do"},{"speaker":"Daniela Cruzes","startTime":1278.75,"endTime":1281.0,"body":"anything. That doesn't mean that"},{"speaker":"Daniela Cruzes","startTime":1281.0,"endTime":1284.93,"body":"in three months, this is not"},{"speaker":"Daniela Cruzes","startTime":1281.0,"endTime":1284.93,"body":"going to change. So this risk"},{"speaker":"Daniela Cruzes","startTime":1284.96,"endTime":1288.08,"body":"evaluation should be done all"},{"speaker":"Daniela Cruzes","startTime":1284.96,"endTime":1288.08,"body":"the time. You know,"},{"speaker":"Espen Johansen","startTime":1288.14,"endTime":1289.76,"body":"I completely"},{"speaker":"Espen Johansen","startTime":1288.14,"endTime":1289.76,"body":"agree, Danielle. And I think"},{"speaker":"Espen Johansen","startTime":1289.76,"endTime":1292.85,"body":"also, I think I mentioned this"},{"speaker":"Espen Johansen","startTime":1289.76,"endTime":1292.85,"body":"example before, if you don't,"},{"speaker":"Espen Johansen","startTime":1293.27,"endTime":1297.65,"body":"this, this voyage of discovery"},{"speaker":"Espen Johansen","startTime":1293.27,"endTime":1297.65,"body":"that one of our teams had, it's"},{"speaker":"Espen Johansen","startTime":1297.65,"endTime":1300.32,"body":"in a different nation state in"},{"speaker":"Espen Johansen","startTime":1297.65,"endTime":1300.32,"body":"Norway, where I will not mention"},{"speaker":"Espen Johansen","startTime":1300.32,"endTime":1303.77,"body":"the product. But they had this"},{"speaker":"Espen Johansen","startTime":1300.32,"endTime":1303.77,"body":"kind of notion that nobody was"},{"speaker":"Espen Johansen","startTime":1303.77,"endTime":1305.72,"body":"interested in your product,"},{"speaker":"Espen Johansen","startTime":1303.77,"endTime":1305.72,"body":"because all they did was to"},{"speaker":"Espen Johansen","startTime":1305.72,"endTime":1308.9,"body":"travel bills. That was a very"},{"speaker":"Espen Johansen","startTime":1305.72,"endTime":1308.9,"body":"simple kind of job. But but they"},{"speaker":"Espen Johansen","startTime":1308.9,"endTime":1311.54,"body":"suddenly found out that one of"},{"speaker":"Espen Johansen","startTime":1308.9,"endTime":1311.54,"body":"the clients was actually the"},{"speaker":"Espen Johansen","startTime":1311.54,"endTime":1315.23,"body":"head of a nation state, and"},{"speaker":"Espen Johansen","startTime":1311.54,"endTime":1315.23,"body":"former head of that nation state"},{"speaker":"Espen Johansen","startTime":1315.47,"endTime":1319.97,"body":"who use that application to do"},{"speaker":"Espen Johansen","startTime":1315.47,"endTime":1319.97,"body":"his or her travel bills. While"},{"speaker":"Espen Johansen","startTime":1319.97,"endTime":1323.21,"body":"he or she was doing peace talks"},{"speaker":"Espen Johansen","startTime":1319.97,"endTime":1323.21,"body":"in the Middle East, they"},{"speaker":"Espen Johansen","startTime":1323.21,"endTime":1325.91,"body":"suddenly found out that they had"},{"speaker":"Espen Johansen","startTime":1323.21,"endTime":1325.91,"body":"a different set of fit actress"},{"speaker":"Espen Johansen","startTime":1325.91,"endTime":1329.18,"body":"that was attacking them. And"},{"speaker":"Espen Johansen","startTime":1325.91,"endTime":1329.18,"body":"suddenly all that weird logs"},{"speaker":"Espen Johansen","startTime":1329.18,"endTime":1332.48,"body":"with those really accepted"},{"speaker":"Espen Johansen","startTime":1329.18,"endTime":1332.48,"body":"commands. It really made sense."},{"speaker":"Espen Johansen","startTime":1333.17,"endTime":1336.05,"body":"Because of course, that would"},{"speaker":"Espen Johansen","startTime":1333.17,"endTime":1336.05,"body":"interrupt with the interest of"},{"speaker":"Espen Johansen","startTime":1336.05,"endTime":1338.15,"body":"the Israelis, the Americans, the"},{"speaker":"Espen Johansen","startTime":1336.05,"endTime":1338.15,"body":"Russians, the Iranians,"},{"speaker":"Espen Johansen","startTime":1338.15,"endTime":1342.29,"body":"everybody. So you have to know"},{"speaker":"Espen Johansen","startTime":1338.15,"endTime":1342.29,"body":"who your customer is. And why is"},{"speaker":"Espen Johansen","startTime":1342.29,"endTime":1345.65,"body":"using your system. That can be"},{"speaker":"Espen Johansen","startTime":1342.29,"endTime":1345.65,"body":"tricky. So yeah."},{"speaker":"Robby Peralta","startTime":1347.15,"endTime":1350.03,"body":"And that's really"},{"speaker":"Robby Peralta","startTime":1347.15,"endTime":1350.03,"body":"hard. It's not like you get a"},{"speaker":"Robby Peralta","startTime":1350.03,"endTime":1352.73,"body":"text message. Hey, by the way,"},{"speaker":"Robby Peralta","startTime":1350.03,"endTime":1352.73,"body":"you're interesting now for, for"},{"speaker":"Robby Peralta","startTime":1352.73,"endTime":1355.1,"body":"nation state threat actors. So"},{"speaker":"Robby Peralta","startTime":1352.73,"endTime":1355.1,"body":"you have to just like set a set"},{"speaker":"Robby Peralta","startTime":1355.1,"endTime":1357.2,"body":"a date and just go through these"},{"speaker":"Robby Peralta","startTime":1355.1,"endTime":1357.2,"body":"things, or how do you guys"},{"speaker":"Robby Peralta","startTime":1357.2,"endTime":1357.68,"body":"manage that"},{"speaker":"Espen Johansen","startTime":1361.19,"endTime":1363.89,"body":"is actually"},{"speaker":"Espen Johansen","startTime":1361.19,"endTime":1363.89,"body":"quite tricky. But part of that"},{"speaker":"Espen Johansen","startTime":1363.89,"endTime":1367.49,"body":"is is to have awareness"},{"speaker":"Espen Johansen","startTime":1363.89,"endTime":1367.49,"body":"campaigns among salespeople, and"},{"speaker":"Espen Johansen","startTime":1367.49,"endTime":1370.64,"body":"combine that information to a"},{"speaker":"Espen Johansen","startTime":1367.49,"endTime":1370.64,"body":"team. So it's basically letting"},{"speaker":"Espen Johansen","startTime":1370.64,"endTime":1373.64,"body":"the development teams or the"},{"speaker":"Espen Johansen","startTime":1370.64,"endTime":1373.64,"body":"DevOps teams be part of the"},{"speaker":"Espen Johansen","startTime":1373.64,"endTime":1377.45,"body":"sales process, exposing them to"},{"speaker":"Espen Johansen","startTime":1373.64,"endTime":1377.45,"body":"clients. We call it the Trust"},{"speaker":"Espen Johansen","startTime":1377.45,"endTime":1380.09,"body":"Center, or the level three talk."},{"speaker":"Espen Johansen","startTime":1377.45,"endTime":1380.09,"body":"That's one of the methodologies"},{"speaker":"Espen Johansen","startTime":1380.09,"endTime":1383.6,"body":"of use, is to try to get the"},{"speaker":"Espen Johansen","startTime":1380.09,"endTime":1383.6,"body":"development team engaged with"},{"speaker":"Espen Johansen","startTime":1383.6,"endTime":1386.57,"body":"the end client, getting to know"},{"speaker":"Espen Johansen","startTime":1383.6,"endTime":1386.57,"body":"that there are actual customers"},{"speaker":"Espen Johansen","startTime":1386.57,"endTime":1388.97,"body":"there, we have names, there are"},{"speaker":"Espen Johansen","startTime":1386.57,"endTime":1388.97,"body":"people and they do stuff with"},{"speaker":"Espen Johansen","startTime":1388.97,"endTime":1392.12,"body":"your with your things. The"},{"speaker":"Espen Johansen","startTime":1388.97,"endTime":1392.12,"body":"other, the other part of that"},{"speaker":"Espen Johansen","startTime":1392.12,"endTime":1395.06,"body":"solution is to have decent"},{"speaker":"Espen Johansen","startTime":1392.12,"endTime":1395.06,"body":"threat intelligence systems in"},{"speaker":"Espen Johansen","startTime":1395.06,"endTime":1397.91,"body":"place, just to understand what"},{"speaker":"Espen Johansen","startTime":1395.06,"endTime":1397.91,"body":"does the basic critters out"},{"speaker":"Espen Johansen","startTime":1397.91,"endTime":1401.69,"body":"there do? So the usual suspects,"},{"speaker":"Espen Johansen","startTime":1397.91,"endTime":1401.69,"body":"but current methodologies, what"},{"speaker":"Espen Johansen","startTime":1401.69,"endTime":1405.77,"body":"are they after? And then see for"},{"speaker":"Espen Johansen","startTime":1401.69,"endTime":1405.77,"body":"big changes in that structure, I"},{"speaker":"Espen Johansen","startTime":1405.77,"endTime":1410.21,"body":"think the best example from from"},{"speaker":"Espen Johansen","startTime":1405.77,"endTime":1410.21,"body":"recent history is the emergence"},{"speaker":"Espen Johansen","startTime":1410.21,"endTime":1414.83,"body":"of this global kind of package"},{"speaker":"Espen Johansen","startTime":1410.21,"endTime":1414.83,"body":"from from Russian Intel, when it"},{"speaker":"Espen Johansen","startTime":1414.83,"endTime":1418.64,"body":"can lead to a new attack vector"},{"speaker":"Espen Johansen","startTime":1414.83,"endTime":1418.64,"body":"against Linux based systems. So"},{"speaker":"Espen Johansen","startTime":1418.67,"endTime":1421.22,"body":"most of these have been feeling"},{"speaker":"Espen Johansen","startTime":1418.67,"endTime":1421.22,"body":"quite safe if they have been"},{"speaker":"Espen Johansen","startTime":1421.22,"endTime":1424.13,"body":"using Linux based system for a"},{"speaker":"Espen Johansen","startTime":1421.22,"endTime":1424.13,"body":"while. And then suddenly, this"},{"speaker":"Espen Johansen","startTime":1424.16,"endTime":1428.54,"body":"emerged, it was kind of released"},{"speaker":"Espen Johansen","startTime":1424.16,"endTime":1428.54,"body":"by by some American, I think was"},{"speaker":"Espen Johansen","startTime":1428.54,"endTime":1432.08,"body":"a governmental effort that"},{"speaker":"Espen Johansen","startTime":1428.54,"endTime":1432.08,"body":"carefully said information that"},{"speaker":"Espen Johansen","startTime":1432.08,"endTime":1436.04,"body":"basically spawned a lot of"},{"speaker":"Espen Johansen","startTime":1432.08,"endTime":1436.04,"body":"activity for the ones who might"},{"speaker":"Espen Johansen","startTime":1436.04,"endTime":1439.58,"body":"be vulnerable, just by knowing"},{"speaker":"Espen Johansen","startTime":1436.04,"endTime":1439.58,"body":"who the actors are, how they"},{"speaker":"Espen Johansen","startTime":1439.58,"endTime":1443.78,"body":"act. You can also pick some of"},{"speaker":"Espen Johansen","startTime":1439.58,"endTime":1443.78,"body":"that up, but essentially, just"},{"speaker":"Espen Johansen","startTime":1443.81,"endTime":1447.56,"body":"know who your customer are token"},{"speaker":"Espen Johansen","startTime":1443.81,"endTime":1447.56,"body":"sales, become accustomed to"},{"speaker":"Espen Johansen","startTime":1447.56,"endTime":1447.92,"body":"doing that."},{"speaker":"Daniela Cruzes","startTime":1448.29,"endTime":1450.42,"body":"Yeah, find small"},{"speaker":"Daniela Cruzes","startTime":1448.29,"endTime":1450.42,"body":"companies once that you don't"},{"speaker":"Daniela Cruzes","startTime":1450.42,"endTime":1455.7,"body":"have all the tools that Lisa has"},{"speaker":"Daniela Cruzes","startTime":1450.42,"endTime":1455.7,"body":"available. We we try to focus"},{"speaker":"Daniela Cruzes","startTime":1455.7,"endTime":1460.71,"body":"quite a lot on doing threat"},{"speaker":"Daniela Cruzes","startTime":1455.7,"endTime":1460.71,"body":"landscape quite often. So just"},{"speaker":"Daniela Cruzes","startTime":1460.74,"endTime":1463.62,"body":"doing this discussion, again of"},{"speaker":"Daniela Cruzes","startTime":1460.74,"endTime":1463.62,"body":"like, what is our threats"},{"speaker":"Daniela Cruzes","startTime":1463.62,"endTime":1468.27,"body":"landscape? Now? How does it look"},{"speaker":"Daniela Cruzes","startTime":1463.62,"endTime":1468.27,"body":"like who is it who is interested"},{"speaker":"Daniela Cruzes","startTime":1468.27,"endTime":1472.11,"body":"in anything about us? It can be"},{"speaker":"Daniela Cruzes","startTime":1468.27,"endTime":1472.11,"body":"that's not data, it can be that"},{"speaker":"Daniela Cruzes","startTime":1472.14,"endTime":1476.07,"body":"the reputation of your company,"},{"speaker":"Daniela Cruzes","startTime":1472.14,"endTime":1476.07,"body":"it can be that like now, we are"},{"speaker":"Daniela Cruzes","startTime":1476.07,"endTime":1480.12,"body":"changing markets, and then there"},{"speaker":"Daniela Cruzes","startTime":1476.07,"endTime":1480.12,"body":"will be new threats related to"},{"speaker":"Daniela Cruzes","startTime":1480.12,"endTime":1483.99,"body":"these new markets, right? So all"},{"speaker":"Daniela Cruzes","startTime":1480.12,"endTime":1483.99,"body":"these discussions, you can just"},{"speaker":"Daniela Cruzes","startTime":1483.99,"endTime":1487.14,"body":"like set up meetings and do at"},{"speaker":"Daniela Cruzes","startTime":1483.99,"endTime":1487.14,"body":"least that and if you have"},{"speaker":"Daniela Cruzes","startTime":1487.14,"endTime":1491.07,"body":"security experts or people that"},{"speaker":"Daniela Cruzes","startTime":1487.14,"endTime":1491.07,"body":"are more interested in security,"},{"speaker":"Daniela Cruzes","startTime":1491.07,"endTime":1493.59,"body":"they will be able to at least"},{"speaker":"Daniela Cruzes","startTime":1491.07,"endTime":1493.59,"body":"help a little bit on that."},{"speaker":"Robby Peralta","startTime":1496.62,"endTime":1498.6,"body":"But hey, you to"},{"speaker":"Robby Peralta","startTime":1496.62,"endTime":1498.6,"body":"put your heads together and you"},{"speaker":"Robby Peralta","startTime":1498.6,"endTime":1504.45,"body":"wrote a paper called Building an"},{"speaker":"Robby Peralta","startTime":1498.6,"endTime":1504.45,"body":"ambidextrous software security"},{"speaker":"Robby Peralta","startTime":1504.51,"endTime":1507.42,"body":"initiative? Who wants to explain"},{"speaker":"Robby Peralta","startTime":1504.51,"endTime":1507.42,"body":"that one to me?"},{"speaker":"Daniela Cruzes","startTime":1513.6,"endTime":1516.45,"body":"yeah, actually"},{"speaker":"Daniela Cruzes","startTime":1513.6,"endTime":1516.45,"body":"like him dexterity is just to"},{"speaker":"Daniela Cruzes","startTime":1516.45,"endTime":1522.3,"body":"give a fancy name to what these"},{"speaker":"Daniela Cruzes","startTime":1516.45,"endTime":1522.3,"body":"models doing. Our main thing was"},{"speaker":"Daniela Cruzes","startTime":1522.3,"endTime":1527.97,"body":"to try to explain, try to model"},{"speaker":"Daniela Cruzes","startTime":1522.3,"endTime":1527.97,"body":"what Aspen was doing in"},{"speaker":"Daniela Cruzes","startTime":1527.97,"endTime":1533.1,"body":"basement, that I think it was"},{"speaker":"Daniela Cruzes","startTime":1527.97,"endTime":1533.1,"body":"successful. So it's basically"},{"speaker":"Daniela Cruzes","startTime":1533.1,"endTime":1536.43,"body":"this top down and bottom up"},{"speaker":"Daniela Cruzes","startTime":1533.1,"endTime":1536.43,"body":"approach. And that's why is"},{"speaker":"Daniela Cruzes","startTime":1536.43,"endTime":1541.23,"body":"ambidextrous. And we try to"},{"speaker":"Daniela Cruzes","startTime":1536.43,"endTime":1541.23,"body":"model those in for ease that is"},{"speaker":"Daniela Cruzes","startTime":1541.26,"endTime":1543.21,"body":"enabling and guiding."},{"speaker":"Espen Johansen","startTime":1545.22,"endTime":1546.3,"body":"Ensuring,"},{"speaker":"Daniela Cruzes","startTime":1546.78,"endTime":1548.19,"body":"ensuring and"},{"speaker":"Espen Johansen","startTime":1550.38,"endTime":1551.04,"body":"you can do this."},{"speaker":"Espen Johansen","startTime":1557.07,"endTime":1563.76,"body":"It's empowering. And yes."},{"speaker":"Espen Johansen","startTime":1557.07,"endTime":1563.76,"body":"Please, Robby, you have to give"},{"speaker":"Espen Johansen","startTime":1563.76,"endTime":1569.4,"body":"us a T the credibility of the"},{"speaker":"Espen Johansen","startTime":1563.76,"endTime":1569.4,"body":"doubt it is. Our enabling"},{"speaker":"Espen Johansen","startTime":1569.4,"endTime":1570.6,"body":"betting? Sure, come on."},{"speaker":"Daniela Cruzes","startTime":1571.92,"endTime":1574.44,"body":"Espen has been"},{"speaker":"Daniela Cruzes","startTime":1571.92,"endTime":1574.44,"body":"talking much more about this,"},{"speaker":"Daniela Cruzes","startTime":1574.44,"endTime":1580.71,"body":"then I so then I hit sometimes"},{"speaker":"Daniela Cruzes","startTime":1574.44,"endTime":1580.71,"body":"forget before is over. But the"},{"speaker":"Daniela Cruzes","startTime":1580.71,"endTime":1584.28,"body":"main thing is that was like how"},{"speaker":"Daniela Cruzes","startTime":1580.71,"endTime":1584.28,"body":"do you create activities that"},{"speaker":"Daniela Cruzes","startTime":1584.28,"endTime":1588.81,"body":"are top down, but also that are"},{"speaker":"Daniela Cruzes","startTime":1584.28,"endTime":1588.81,"body":"bottom up. So the main thing"},{"speaker":"Daniela Cruzes","startTime":1588.81,"endTime":1591.9,"body":"with this self management again,"},{"speaker":"Daniela Cruzes","startTime":1588.81,"endTime":1591.9,"body":"that was also like it's"},{"speaker":"Daniela Cruzes","startTime":1591.9,"endTime":1595.68,"body":"something that has to be very,"},{"speaker":"Daniela Cruzes","startTime":1591.9,"endTime":1595.68,"body":"intrinsic in dexterity in the"},{"speaker":"Daniela Cruzes","startTime":1595.68,"endTime":1600.9,"body":"program is that even though we"},{"speaker":"Daniela Cruzes","startTime":1595.68,"endTime":1600.9,"body":"want the teams to be empowered,"},{"speaker":"Daniela Cruzes","startTime":1600.93,"endTime":1606.51,"body":"we want the teams to be knowing"},{"speaker":"Daniela Cruzes","startTime":1600.93,"endTime":1606.51,"body":"what to do. Sometimes they also"},{"speaker":"Daniela Cruzes","startTime":1606.51,"endTime":1611.28,"body":"need some top down approach. So"},{"speaker":"Daniela Cruzes","startTime":1606.51,"endTime":1611.28,"body":"they also need to know like,"},{"speaker":"Daniela Cruzes","startTime":1611.28,"endTime":1615.03,"body":"Okay, what is the most important"},{"speaker":"Daniela Cruzes","startTime":1611.28,"endTime":1615.03,"body":"thing for us to start doing like"},{"speaker":"Daniela Cruzes","startTime":1615.03,"endTime":1618.57,"body":"you'd like to ask now, right?"},{"speaker":"Daniela Cruzes","startTime":1615.03,"endTime":1618.57,"body":"And then sometimes these have to"},{"speaker":"Daniela Cruzes","startTime":1618.57,"endTime":1622.68,"body":"be like setups top down, because"},{"speaker":"Daniela Cruzes","startTime":1618.57,"endTime":1622.68,"body":"then we have to tell them, this"},{"speaker":"Daniela Cruzes","startTime":1622.68,"endTime":1625.71,"body":"is what we are, we think that is"},{"speaker":"Daniela Cruzes","startTime":1622.68,"endTime":1625.71,"body":"going to give the best benefits"},{"speaker":"Daniela Cruzes","startTime":1625.71,"endTime":1629.43,"body":"for visma. For example, you"},{"speaker":"Daniela Cruzes","startTime":1625.71,"endTime":1629.43,"body":"know, so then it's not cannot be"},{"speaker":"Daniela Cruzes","startTime":1629.43,"endTime":1632.25,"body":"fought like each team. For"},{"speaker":"Daniela Cruzes","startTime":1629.43,"endTime":1632.25,"body":"example, let's say that in"},{"speaker":"Daniela Cruzes","startTime":1632.25,"endTime":1635.91,"body":"visma, you have like almost 300"},{"speaker":"Daniela Cruzes","startTime":1632.25,"endTime":1635.91,"body":"teams now, right is, let's say"},{"speaker":"Daniela Cruzes","startTime":1635.91,"endTime":1639.03,"body":"that each one of the teams would"},{"speaker":"Daniela Cruzes","startTime":1635.91,"endTime":1639.03,"body":"decide to use a totally"},{"speaker":"Daniela Cruzes","startTime":1639.03,"endTime":1643.59,"body":"different static analysis tool."},{"speaker":"Daniela Cruzes","startTime":1639.03,"endTime":1643.59,"body":"Imagine how this is hard to"},{"speaker":"Daniela Cruzes","startTime":1643.59,"endTime":1649.29,"body":"maintain to, to to do like cost"},{"speaker":"Daniela Cruzes","startTime":1643.59,"endTime":1649.29,"body":"evaluation, or to do any type of"},{"speaker":"Daniela Cruzes","startTime":1649.29,"endTime":1653.55,"body":"evaluation of like how you're"},{"speaker":"Daniela Cruzes","startTime":1649.29,"endTime":1653.55,"body":"doing it, right, there should be"},{"speaker":"Daniela Cruzes","startTime":1653.55,"endTime":1657.0,"body":"some balance there that you"},{"speaker":"Daniela Cruzes","startTime":1653.55,"endTime":1657.0,"body":"should do between top down and"},{"speaker":"Daniela Cruzes","startTime":1657.0,"endTime":1660.6,"body":"bottom up. Because we can also"},{"speaker":"Daniela Cruzes","startTime":1657.0,"endTime":1660.6,"body":"not tell the teams to like do"},{"speaker":"Daniela Cruzes","startTime":1660.6,"endTime":1663.57,"body":"this way. And everything that"},{"speaker":"Daniela Cruzes","startTime":1660.6,"endTime":1663.57,"body":"you're going to do is this way,"},{"speaker":"Daniela Cruzes","startTime":1663.57,"endTime":1666.78,"body":"because then where is the self"},{"speaker":"Daniela Cruzes","startTime":1663.57,"endTime":1666.78,"body":"management of the team going,"},{"speaker":"Daniela Cruzes","startTime":1666.9,"endTime":1670.02,"body":"right. And that's not what our"},{"speaker":"Daniela Cruzes","startTime":1666.9,"endTime":1670.02,"body":"job is going to be about. And"},{"speaker":"Daniela Cruzes","startTime":1670.02,"endTime":1673.08,"body":"then they're just going to be"},{"speaker":"Daniela Cruzes","startTime":1670.02,"endTime":1673.08,"body":"following recipes. And that's"},{"speaker":"Daniela Cruzes","startTime":1673.08,"endTime":1676.71,"body":"not what we wanted. So we wanted"},{"speaker":"Daniela Cruzes","startTime":1673.08,"endTime":1676.71,"body":"also to in this process of"},{"speaker":"Daniela Cruzes","startTime":1676.71,"endTime":1681.84,"body":"creating some way to to go for"},{"speaker":"Daniela Cruzes","startTime":1676.71,"endTime":1681.84,"body":"security for the good enough"},{"speaker":"Daniela Cruzes","startTime":1681.84,"endTime":1684.96,"body":"security for them to also they"},{"speaker":"Daniela Cruzes","startTime":1681.84,"endTime":1684.96,"body":"have the flexibility to say"},{"speaker":"Daniela Cruzes","startTime":1684.96,"endTime":1688.59,"body":"okay, but in our team, this is"},{"speaker":"Daniela Cruzes","startTime":1684.96,"endTime":1688.59,"body":"how we want to do, this is what"},{"speaker":"Daniela Cruzes","startTime":1688.59,"endTime":1692.07,"body":"we think that is the most"},{"speaker":"Daniela Cruzes","startTime":1688.59,"endTime":1692.07,"body":"effective for security. And this"},{"speaker":"Daniela Cruzes","startTime":1692.07,"endTime":1696.36,"body":"is what we want to to bend a"},{"speaker":"Daniela Cruzes","startTime":1692.07,"endTime":1696.36,"body":"little bit on the rules that you"},{"speaker":"Daniela Cruzes","startTime":1696.36,"endTime":1701.16,"body":"are setting for us, you know, so"},{"speaker":"Daniela Cruzes","startTime":1696.36,"endTime":1701.16,"body":"then that is what we tried to do"},{"speaker":"Daniela Cruzes","startTime":1701.16,"endTime":1705.03,"body":"as much as we can. And of"},{"speaker":"Daniela Cruzes","startTime":1701.16,"endTime":1705.03,"body":"course, like for example, Visma"},{"speaker":"Daniela Cruzes","startTime":1705.27,"endTime":1709.89,"body":"like, top down management cannot"},{"speaker":"Daniela Cruzes","startTime":1705.27,"endTime":1709.89,"body":"know specifically, what are the"},{"speaker":"Daniela Cruzes","startTime":1709.92,"endTime":1713.79,"body":"problems that can have in each"},{"speaker":"Daniela Cruzes","startTime":1709.92,"endTime":1713.79,"body":"one of the product security."},{"speaker":"Daniela Cruzes","startTime":1713.91,"endTime":1717.93,"body":"Right? So then the teams are the"},{"speaker":"Daniela Cruzes","startTime":1713.91,"endTime":1717.93,"body":"best one to know, okay, these"},{"speaker":"Daniela Cruzes","startTime":1717.93,"endTime":1721.44,"body":"things that we are doing are"},{"speaker":"Daniela Cruzes","startTime":1717.93,"endTime":1721.44,"body":"good, but not good enough. We"},{"speaker":"Daniela Cruzes","startTime":1721.44,"endTime":1724.11,"body":"need to do better than that."},{"speaker":"Daniela Cruzes","startTime":1721.44,"endTime":1724.11,"body":"Because it's going to be for our"},{"speaker":"Daniela Cruzes","startTime":1724.11,"endTime":1725.88,"body":"products, what is the best thing"},{"speaker":"Daniela Cruzes","startTime":1724.11,"endTime":1725.88,"body":"to do?"},{"speaker":"Robby Peralta","startTime":1726.65,"endTime":1728.21,"body":"Hmm, can you give"},{"speaker":"Robby Peralta","startTime":1726.65,"endTime":1728.21,"body":"us some examples that's been"},{"speaker":"Robby Peralta","startTime":1728.21,"endTime":1730.64,"body":"about how you actually did that"},{"speaker":"Robby Peralta","startTime":1728.21,"endTime":1730.64,"body":"and practice some food for"},{"speaker":"Robby Peralta","startTime":1730.64,"endTime":1731.75,"body":"thought for the listeners."},{"speaker":"Espen Johansen","startTime":1732.56,"endTime":1736.19,"body":"Yeah, so the"},{"speaker":"Espen Johansen","startTime":1732.56,"endTime":1736.19,"body":"four E's that empower enabling,"},{"speaker":"Espen Johansen","startTime":1736.19,"endTime":1739.07,"body":"but ensure they have kind of"},{"speaker":"Espen Johansen","startTime":1736.19,"endTime":1739.07,"body":"different connotation to them."},{"speaker":"Espen Johansen","startTime":1739.1,"endTime":1743.51,"body":"So the empowering part. So when"},{"speaker":"Espen Johansen","startTime":1739.1,"endTime":1743.51,"body":"you are a software developer,"},{"speaker":"Espen Johansen","startTime":1743.51,"endTime":1746.39,"body":"you have a you're part of a"},{"speaker":"Espen Johansen","startTime":1743.51,"endTime":1746.39,"body":"team, there's five or 10 of you,"},{"speaker":"Espen Johansen","startTime":1746.63,"endTime":1749.6,"body":"and you develop this really cool"},{"speaker":"Espen Johansen","startTime":1746.63,"endTime":1749.6,"body":"app, that is really going to be"},{"speaker":"Espen Johansen","startTime":1749.6,"endTime":1753.41,"body":"important for the company. So"},{"speaker":"Espen Johansen","startTime":1749.6,"endTime":1753.41,"body":"you know, interesting that is"},{"speaker":"Espen Johansen","startTime":1753.44,"endTime":1758.06,"body":"only these people in this team,"},{"speaker":"Espen Johansen","startTime":1753.44,"endTime":1758.06,"body":"who will be able to fix any"},{"speaker":"Espen Johansen","startTime":1758.06,"endTime":1760.94,"body":"software problem, this will be"},{"speaker":"Espen Johansen","startTime":1758.06,"endTime":1760.94,"body":"the only one who can fix the bug"},{"speaker":"Espen Johansen","startTime":1760.94,"endTime":1765.95,"body":"themselves. So if I don't"},{"speaker":"Espen Johansen","startTime":1760.94,"endTime":1765.95,"body":"empower them, I can take away"},{"speaker":"Espen Johansen","startTime":1765.95,"endTime":1769.13,"body":"their power if I want to, I can"},{"speaker":"Espen Johansen","startTime":1765.95,"endTime":1769.13,"body":"put them in a program that is"},{"speaker":"Espen Johansen","startTime":1769.13,"endTime":1772.85,"body":"27001 certified, and I can make"},{"speaker":"Espen Johansen","startTime":1769.13,"endTime":1772.85,"body":"them hand over their product to"},{"speaker":"Espen Johansen","startTime":1772.85,"endTime":1775.4,"body":"some kind of operations team"},{"speaker":"Espen Johansen","startTime":1772.85,"endTime":1775.4,"body":"down the line. I can do all"},{"speaker":"Espen Johansen","startTime":1775.4,"endTime":1779.45,"body":"kinds of gateway activities,"},{"speaker":"Espen Johansen","startTime":1775.4,"endTime":1779.45,"body":"just to relieve them of power."},{"speaker":"Espen Johansen","startTime":1780.41,"endTime":1783.62,"body":"But if I slip this all around,"},{"speaker":"Espen Johansen","startTime":1780.41,"endTime":1783.62,"body":"and I say that, okay, you as a"},{"speaker":"Espen Johansen","startTime":1783.62,"endTime":1785.84,"body":"team, we know we acknowledged"},{"speaker":"Espen Johansen","startTime":1783.62,"endTime":1785.84,"body":"the fact that you're the only"},{"speaker":"Espen Johansen","startTime":1785.84,"endTime":1789.17,"body":"one who can fix the problem."},{"speaker":"Espen Johansen","startTime":1785.84,"endTime":1789.17,"body":"When the shit hits the fan. That"},{"speaker":"Espen Johansen","startTime":1789.17,"endTime":1792.86,"body":"means that I have to ensure them"},{"speaker":"Espen Johansen","startTime":1789.17,"endTime":1792.86,"body":"that they have the methodologies"},{"speaker":"Espen Johansen","startTime":1792.86,"endTime":1797.72,"body":"in place. I have to enable them"},{"speaker":"Espen Johansen","startTime":1792.86,"endTime":1797.72,"body":"by giving them trainings by"},{"speaker":"Espen Johansen","startTime":1797.72,"endTime":1801.2,"body":"giving them tools and"},{"speaker":"Espen Johansen","startTime":1797.72,"endTime":1801.2,"body":"methodology. I have to embed"},{"speaker":"Espen Johansen","startTime":1801.38,"endTime":1805.04,"body":"systems in place that that"},{"speaker":"Espen Johansen","startTime":1801.38,"endTime":1805.04,"body":"ensures that empowering is"},{"speaker":"Espen Johansen","startTime":1805.04,"endTime":1808.22,"body":"happening. So the embedding can,"},{"speaker":"Espen Johansen","startTime":1805.04,"endTime":1808.22,"body":"for instance, be having Quality"},{"speaker":"Espen Johansen","startTime":1808.22,"endTime":1812.6,"body":"Management Systems having icms"},{"speaker":"Espen Johansen","startTime":1808.22,"endTime":1812.6,"body":"in place that reflects that the"},{"speaker":"Espen Johansen","startTime":1812.6,"endTime":1817.13,"body":"power is actually with the"},{"speaker":"Espen Johansen","startTime":1812.6,"endTime":1817.13,"body":"developer. And so when you do"},{"speaker":"Espen Johansen","startTime":1817.13,"endTime":1820.46,"body":"this in practice, I think one of"},{"speaker":"Espen Johansen","startTime":1817.13,"endTime":1820.46,"body":"the simplest things to empower"},{"speaker":"Espen Johansen","startTime":1820.46,"endTime":1824.09,"body":"them is to make the meet the"},{"speaker":"Espen Johansen","startTime":1820.46,"endTime":1824.09,"body":"actual source of power. So a"},{"speaker":"Espen Johansen","startTime":1824.09,"endTime":1826.94,"body":"developer who meets the"},{"speaker":"Espen Johansen","startTime":1824.09,"endTime":1826.94,"body":"customer, that is ultimate"},{"speaker":"Espen Johansen","startTime":1826.94,"endTime":1830.78,"body":"power, skip sales, or skips"},{"speaker":"Espen Johansen","startTime":1826.94,"endTime":1830.78,"body":"marketing skips everything, the"},{"speaker":"Espen Johansen","startTime":1830.78,"endTime":1834.44,"body":"developer meets the client. And"},{"speaker":"Espen Johansen","startTime":1830.78,"endTime":1834.44,"body":"good thing and that interaction"},{"speaker":"Espen Johansen","startTime":1834.44,"endTime":1837.62,"body":"is so many, one of them is that"},{"speaker":"Espen Johansen","startTime":1834.44,"endTime":1837.62,"body":"the client is able to give"},{"speaker":"Espen Johansen","startTime":1837.83,"endTime":1841.67,"body":"security requirements directly"},{"speaker":"Espen Johansen","startTime":1837.83,"endTime":1841.67,"body":"to the developer doesn't have to"},{"speaker":"Espen Johansen","startTime":1841.67,"endTime":1845.93,"body":"go down to seven translation"},{"speaker":"Espen Johansen","startTime":1841.67,"endTime":1845.93,"body":"layers. And this really does"},{"speaker":"Espen Johansen","startTime":1845.93,"endTime":1852.02,"body":"miracles for the autonomous"},{"speaker":"Espen Johansen","startTime":1845.93,"endTime":1852.02,"body":"behavioral, or video autonomous"},{"speaker":"Espen Johansen","startTime":1853.19,"endTime":1857.3,"body":"functioning of the team, they"},{"speaker":"Espen Johansen","startTime":1853.19,"endTime":1857.3,"body":"become more self manage, they"},{"speaker":"Espen Johansen","startTime":1857.3,"endTime":1860.48,"body":"understand more things. But all"},{"speaker":"Espen Johansen","startTime":1857.3,"endTime":1860.48,"body":"of this comes at Of course, some"},{"speaker":"Espen Johansen","startTime":1860.48,"endTime":1864.71,"body":"cost, I would say, because this"},{"speaker":"Espen Johansen","startTime":1860.48,"endTime":1864.71,"body":"self management drives"},{"speaker":"Espen Johansen","startTime":1865.19,"endTime":1867.53,"body":"autonomous behavior patterns"},{"speaker":"Espen Johansen","startTime":1865.19,"endTime":1867.53,"body":"that drives them in different"},{"speaker":"Espen Johansen","startTime":1867.53,"endTime":1870.14,"body":"directions, they want to"},{"speaker":"Espen Johansen","startTime":1867.53,"endTime":1870.14,"body":"experiment a bit more on the on"},{"speaker":"Espen Johansen","startTime":1870.14,"endTime":1873.53,"body":"the lower levels. So you have to"},{"speaker":"Espen Johansen","startTime":1870.14,"endTime":1873.53,"body":"be really interested, you have"},{"speaker":"Espen Johansen","startTime":1873.53,"endTime":1877.85,"body":"to like the fact that they will"},{"speaker":"Espen Johansen","startTime":1873.53,"endTime":1877.85,"body":"be challenging you. They kind of"},{"speaker":"Espen Johansen","startTime":1877.85,"endTime":1882.62,"body":"like racing kids. So I presume"},{"speaker":"Espen Johansen","startTime":1877.85,"endTime":1882.62,"body":"they will be everybody will be"},{"speaker":"Espen Johansen","startTime":1882.62,"endTime":1884.96,"body":"different. And you have to"},{"speaker":"Espen Johansen","startTime":1882.62,"endTime":1884.96,"body":"acknowledge them for the"},{"speaker":"Espen Johansen","startTime":1884.96,"endTime":1888.23,"body":"differences and celebrate them"},{"speaker":"Espen Johansen","startTime":1884.96,"endTime":1888.23,"body":"instead of churning everybody"},{"speaker":"Espen Johansen","startTime":1888.23,"endTime":1892.52,"body":"into the same mold. Because they"},{"speaker":"Espen Johansen","startTime":1888.23,"endTime":1892.52,"body":"deserve to be different. So I"},{"speaker":"Espen Johansen","startTime":1892.52,"endTime":1896.69,"body":"like this model. And this, this"},{"speaker":"Espen Johansen","startTime":1892.52,"endTime":1896.69,"body":"beautiful combination of top"},{"speaker":"Espen Johansen","startTime":1896.69,"endTime":1900.17,"body":"down and bottom up, that really"},{"speaker":"Espen Johansen","startTime":1896.69,"endTime":1900.17,"body":"resonates to at least in this"},{"speaker":"Espen Johansen","startTime":1900.17,"endTime":1903.14,"body":"migration as well, especially"},{"speaker":"Espen Johansen","startTime":1900.17,"endTime":1903.14,"body":"since we acquire lots of"},{"speaker":"Espen Johansen","startTime":1903.14,"endTime":1906.17,"body":"companies, that's one of the"},{"speaker":"Espen Johansen","startTime":1903.14,"endTime":1906.17,"body":"things we do. So we have to"},{"speaker":"Espen Johansen","startTime":1906.17,"endTime":1910.34,"body":"treat them differently. And we"},{"speaker":"Espen Johansen","startTime":1906.17,"endTime":1910.34,"body":"have to acknowledge that they"},{"speaker":"Espen Johansen","startTime":1910.34,"endTime":1913.49,"body":"have survived it for so many"},{"speaker":"Espen Johansen","startTime":1910.34,"endTime":1913.49,"body":"years. And we don't want to"},{"speaker":"Espen Johansen","startTime":1913.49,"endTime":1915.83,"body":"change them, we don't want to"},{"speaker":"Espen Johansen","startTime":1913.49,"endTime":1915.83,"body":"merge them into some kind of"},{"speaker":"Espen Johansen","startTime":1915.86,"endTime":1918.86,"body":"pourish when we buy them. We"},{"speaker":"Espen Johansen","startTime":1915.86,"endTime":1918.86,"body":"want them to retain their"},{"speaker":"Espen Johansen","startTime":1918.86,"endTime":1922.31,"body":"independence. So it makes sense"},{"speaker":"Espen Johansen","startTime":1918.86,"endTime":1922.31,"body":"in our use case."},{"speaker":"Robby Peralta","startTime":1923.09,"endTime":1925.4,"body":"I hope that I"},{"speaker":"Robby Peralta","startTime":1923.09,"endTime":1925.4,"body":"hope the customers are nicer to"},{"speaker":"Robby Peralta","startTime":1925.4,"endTime":1927.53,"body":"the developers than they are"},{"speaker":"Robby Peralta","startTime":1925.4,"endTime":1927.53,"body":"with the sales guys. But uh,"},{"speaker":"Espen Johansen","startTime":1928.4,"endTime":1933.44,"body":"Oh, yes. No,"},{"speaker":"Espen Johansen","startTime":1928.4,"endTime":1933.44,"body":"they are. And then the the some"},{"speaker":"Espen Johansen","startTime":1933.44,"endTime":1935.84,"body":"of the learning, let's see some"},{"speaker":"Espen Johansen","startTime":1933.44,"endTime":1935.84,"body":"of the developers to kind of"},{"speaker":"Espen Johansen","startTime":1935.84,"endTime":1939.74,"body":"find this menu can be quite"},{"speaker":"Espen Johansen","startTime":1935.84,"endTime":1939.74,"body":"scary. The first time Hmm. But"},{"speaker":"Espen Johansen","startTime":1940.01,"endTime":1942.29,"body":"at once they understand that"},{"speaker":"Espen Johansen","startTime":1940.01,"endTime":1942.29,"body":"this is actually about our"},{"speaker":"Espen Johansen","startTime":1942.29,"endTime":1945.89,"body":"transformation, it is the"},{"speaker":"Espen Johansen","startTime":1942.29,"endTime":1945.89,"body":"customer is always the power, it"},{"speaker":"Espen Johansen","startTime":1945.89,"endTime":1948.65,"body":"is never the managing director"},{"speaker":"Espen Johansen","startTime":1945.89,"endTime":1948.65,"body":"or the chairman of the board. It"},{"speaker":"Espen Johansen","startTime":1948.65,"endTime":1951.05,"body":"is the customer who has the"},{"speaker":"Espen Johansen","startTime":1948.65,"endTime":1951.05,"body":"ultimate power in any private"},{"speaker":"Espen Johansen","startTime":1951.05,"endTime":1954.53,"body":"enterprise. And the ones who"},{"speaker":"Espen Johansen","startTime":1951.05,"endTime":1954.53,"body":"have connections with those,"},{"speaker":"Espen Johansen","startTime":1954.8,"endTime":1958.61,"body":"they have the actual power. So"},{"speaker":"Espen Johansen","startTime":1954.8,"endTime":1958.61,"body":"that is where I see the actual"},{"speaker":"Espen Johansen","startTime":1958.61,"endTime":1963.23,"body":"power transaction happening, but"},{"speaker":"Espen Johansen","startTime":1958.61,"endTime":1963.23,"body":"also to empower them. In the"},{"speaker":"Espen Johansen","startTime":1963.23,"endTime":1966.14,"body":"normal the normal job is"},{"speaker":"Espen Johansen","startTime":1963.23,"endTime":1966.14,"body":"basically how do you set"},{"speaker":"Espen Johansen","startTime":1966.41,"endTime":1971.33,"body":"thresholds on what is good and"},{"speaker":"Espen Johansen","startTime":1966.41,"endTime":1971.33,"body":"what is bad. We help them we are"},{"speaker":"Espen Johansen","startTime":1971.33,"endTime":1974.21,"body":"security experts, we try to help"},{"speaker":"Espen Johansen","startTime":1971.33,"endTime":1974.21,"body":"them assisting them in setting"},{"speaker":"Espen Johansen","startTime":1974.21,"endTime":1977.63,"body":"these thresholds. But the"},{"speaker":"Espen Johansen","startTime":1974.21,"endTime":1977.63,"body":"ultimate decisions always have"},{"speaker":"Espen Johansen","startTime":1977.63,"endTime":1981.71,"body":"to happen as far down as"},{"speaker":"Espen Johansen","startTime":1977.63,"endTime":1981.71,"body":"possible, as close to the core"},{"speaker":"Espen Johansen","startTime":1981.71,"endTime":1986.0,"body":"of the company, which is the"},{"speaker":"Espen Johansen","startTime":1981.71,"endTime":1986.0,"body":"developers. And if everything"},{"speaker":"Espen Johansen","startTime":1986.0,"endTime":1990.11,"body":"has been done right, the DevOps"},{"speaker":"Espen Johansen","startTime":1986.0,"endTime":1990.11,"body":"team will also have the needed"},{"speaker":"Espen Johansen","startTime":1990.11,"endTime":1994.91,"body":"competency on networks, all the"},{"speaker":"Espen Johansen","startTime":1990.11,"endTime":1994.91,"body":"normal bits and bobs of the old"},{"speaker":"Espen Johansen","startTime":1994.91,"endTime":1998.69,"body":"IT security industry. So I would"},{"speaker":"Espen Johansen","startTime":1994.91,"endTime":1998.69,"body":"actually agree with Daniela,"},{"speaker":"Espen Johansen","startTime":1998.72,"endTime":2003.25,"body":"this Venus and Mars analogy is"},{"speaker":"Espen Johansen","startTime":1998.72,"endTime":2003.25,"body":"beautiful. Because it basically"},{"speaker":"Espen Johansen","startTime":2003.31,"endTime":2007.0,"body":"pinpoint some of the things that"},{"speaker":"Espen Johansen","startTime":2003.31,"endTime":2007.0,"body":"we see. So the classic artists"},{"speaker":"Espen Johansen","startTime":2007.0,"endTime":2011.02,"body":"of your industry, where it came"},{"speaker":"Espen Johansen","startTime":2007.0,"endTime":2011.02,"body":"from, I don't see that anywhere"},{"speaker":"Espen Johansen","startTime":2011.08,"endTime":2013.9,"body":"in my new field, apart from some"},{"speaker":"Espen Johansen","startTime":2011.08,"endTime":2013.9,"body":"companies like the mnemonic and"},{"speaker":"Espen Johansen","startTime":2013.9,"endTime":2018.16,"body":"a couple of others is actually"},{"speaker":"Espen Johansen","startTime":2013.9,"endTime":2018.16,"body":"in that field. Today, the rest"},{"speaker":"Espen Johansen","startTime":2018.16,"endTime":2022.24,"body":"is in longtail environments and"},{"speaker":"Espen Johansen","startTime":2018.16,"endTime":2022.24,"body":"selling off all firewalls like"},{"speaker":"Espen Johansen","startTime":2022.24,"endTime":2027.43,"body":"they did 20 years ago. Time to"},{"speaker":"Espen Johansen","startTime":2022.24,"endTime":2027.43,"body":"move on, guys. Yeah."},{"speaker":"Daniela Cruzes","startTime":2028.95,"endTime":2032.19,"body":"And and one"},{"speaker":"Daniela Cruzes","startTime":2028.95,"endTime":2032.19,"body":"thing that he might I came to my"},{"speaker":"Daniela Cruzes","startTime":2032.19,"endTime":2035.37,"body":"mind, again, when Aspen was"},{"speaker":"Daniela Cruzes","startTime":2032.19,"endTime":2035.37,"body":"talking is that even though we"},{"speaker":"Daniela Cruzes","startTime":2035.37,"endTime":2039.66,"body":"have the four E's, there are"},{"speaker":"Daniela Cruzes","startTime":2035.37,"endTime":2039.66,"body":"things that are behind all this"},{"speaker":"Daniela Cruzes","startTime":2039.66,"endTime":2044.22,"body":"that it will not work if you"},{"speaker":"Daniela Cruzes","startTime":2039.66,"endTime":2044.22,"body":"don't have that is trust. So"},{"speaker":"Daniela Cruzes","startTime":2044.22,"endTime":2047.46,"body":"like when Espen says it's like,"},{"speaker":"Daniela Cruzes","startTime":2044.22,"endTime":2047.46,"body":"okay, the teams are the ones"},{"speaker":"Daniela Cruzes","startTime":2047.46,"endTime":2051.09,"body":"that decide you have to trust"},{"speaker":"Daniela Cruzes","startTime":2047.46,"endTime":2051.09,"body":"that they are the best ones to"},{"speaker":"Daniela Cruzes","startTime":2051.09,"endTime":2054.27,"body":"take those decisions, and how"},{"speaker":"Daniela Cruzes","startTime":2051.09,"endTime":2054.27,"body":"can you trust that, then you"},{"speaker":"Daniela Cruzes","startTime":2054.27,"endTime":2058.32,"body":"have to enable them, you have to"},{"speaker":"Daniela Cruzes","startTime":2054.27,"endTime":2058.32,"body":"then give them all the training"},{"speaker":"Daniela Cruzes","startTime":2058.32,"endTime":2061.47,"body":"that they need to know, like"},{"speaker":"Daniela Cruzes","startTime":2058.32,"endTime":2061.47,"body":"make sure that they have all the"},{"speaker":"Daniela Cruzes","startTime":2061.47,"endTime":2064.89,"body":"awareness that they need. Like"},{"speaker":"Daniela Cruzes","startTime":2061.47,"endTime":2064.89,"body":"they know what are the risks,"},{"speaker":"Daniela Cruzes","startTime":2064.92,"endTime":2067.26,"body":"they know what are the risks"},{"speaker":"Daniela Cruzes","startTime":2064.92,"endTime":2067.26,"body":"that they are facing, and that"},{"speaker":"Daniela Cruzes","startTime":2067.26,"endTime":2071.04,"body":"they will take the best decision"},{"speaker":"Daniela Cruzes","startTime":2067.26,"endTime":2071.04,"body":"when it needs to be taken. And"},{"speaker":"Daniela Cruzes","startTime":2071.55,"endTime":2074.82,"body":"so trust is very important. And"},{"speaker":"Daniela Cruzes","startTime":2071.55,"endTime":2074.82,"body":"then transparency is something"},{"speaker":"Daniela Cruzes","startTime":2074.82,"endTime":2078.96,"body":"that we talk a lot about in"},{"speaker":"Daniela Cruzes","startTime":2074.82,"endTime":2078.96,"body":"visma that is should be"},{"speaker":"Daniela Cruzes","startTime":2078.96,"endTime":2082.77,"body":"transparent, both top down and"},{"speaker":"Daniela Cruzes","startTime":2078.96,"endTime":2082.77,"body":"bottom up with from the team"},{"speaker":"Daniela Cruzes","startTime":2082.77,"endTime":2086.1,"body":"student to management and from"},{"speaker":"Daniela Cruzes","startTime":2082.77,"endTime":2086.1,"body":"the management to the teams. So"},{"speaker":"Espen Johansen","startTime":2086.43,"endTime":2088.47,"body":"that's been a"},{"speaker":"Espen Johansen","startTime":2086.43,"endTime":2088.47,"body":"surprisingly easy battle to"},{"speaker":"Espen Johansen","startTime":2088.47,"endTime":2092.04,"body":"fight actually presumed that"},{"speaker":"Espen Johansen","startTime":2088.47,"endTime":2092.04,"body":"transparency will be an issue"},{"speaker":"Espen Johansen","startTime":2092.04,"endTime":2095.01,"body":"but it wasn't. It kind of it"},{"speaker":"Espen Johansen","startTime":2092.04,"endTime":2095.01,"body":"looks like when you talk with"},{"speaker":"Espen Johansen","startTime":2095.01,"endTime":2097.26,"body":"intelligent people that they"},{"speaker":"Espen Johansen","startTime":2095.01,"endTime":2097.26,"body":"actually understand the"},{"speaker":"Espen Johansen","startTime":2097.26,"endTime":2101.58,"body":"reasoning behind this and it"},{"speaker":"Espen Johansen","startTime":2097.26,"endTime":2101.58,"body":"really is was the simplest of"},{"speaker":"Espen Johansen","startTime":2101.58,"endTime":2104.91,"body":"all tasks was to get them to be"},{"speaker":"Espen Johansen","startTime":2101.58,"endTime":2104.91,"body":"transparent, the more difficult"},{"speaker":"Espen Johansen","startTime":2104.91,"endTime":2107.82,"body":"it was to make them take"},{"speaker":"Espen Johansen","startTime":2104.91,"endTime":2107.82,"body":"responsibility and really become"},{"speaker":"Espen Johansen","startTime":2108.33,"endTime":2110.73,"body":"own up to their own"},{"speaker":"Espen Johansen","startTime":2108.33,"endTime":2110.73,"body":"responsibility states, there's"},{"speaker":"Espen Johansen","startTime":2110.73,"endTime":2113.46,"body":"some still, that kind of just"},{"speaker":"Espen Johansen","startTime":2110.73,"endTime":2113.46,"body":"wants me to throw some kind of"},{"speaker":"Espen Johansen","startTime":2113.46,"endTime":2115.62,"body":"certificate on them and say that"},{"speaker":"Espen Johansen","startTime":2113.46,"endTime":2115.62,"body":"we're good enough. Now, can we"},{"speaker":"Espen Johansen","startTime":2115.62,"endTime":2120.39,"body":"go back to rest? But hell No, I"},{"speaker":"Espen Johansen","startTime":2115.62,"endTime":2120.39,"body":"will not do that. So the, the"},{"speaker":"Espen Johansen","startTime":2120.39,"endTime":2124.32,"body":"the element of that is"},{"speaker":"Espen Johansen","startTime":2120.39,"endTime":2124.32,"body":"compliance orientation in"},{"speaker":"Espen Johansen","startTime":2124.32,"endTime":2128.79,"body":"DevOps, people realize it"},{"speaker":"Espen Johansen","startTime":2124.32,"endTime":2128.79,"body":"doesn't work. This kind of just"},{"speaker":"Espen Johansen","startTime":2128.79,"endTime":2132.81,"body":"wanting a certificate to show to"},{"speaker":"Espen Johansen","startTime":2128.79,"endTime":2132.81,"body":"the clients. It's just smoke and"},{"speaker":"Espen Johansen","startTime":2132.81,"endTime":2137.82,"body":"mirrors my book. Certificates"},{"speaker":"Espen Johansen","startTime":2132.81,"endTime":2137.82,"body":"can add value, if they're"},{"speaker":"Espen Johansen","startTime":2137.82,"endTime":2143.7,"body":"implemented with a with a cause."},{"speaker":"Espen Johansen","startTime":2137.82,"endTime":2143.7,"body":"But the certificates, they don't"},{"speaker":"Espen Johansen","startTime":2143.7,"endTime":2145.26,"body":"have a whole bunch of money to"},{"speaker":"Espen Johansen","startTime":2143.7,"endTime":2145.26,"body":"meet,"},{"speaker":"Robby Peralta","startTime":2146.17,"endTime":2147.25,"body":"the more you"},{"speaker":"Robby Peralta","startTime":2146.17,"endTime":2147.25,"body":"think, you know, the lesser"},{"speaker":"Robby Peralta","startTime":2147.25,"endTime":2152.95,"body":"option or something like that."},{"speaker":"Robby Peralta","startTime":2147.25,"endTime":2152.95,"body":"Yeah. Hey, last last question."},{"speaker":"Robby Peralta","startTime":2153.73,"endTime":2156.73,"body":"And it's, yeah, I'm pretty mean"},{"speaker":"Robby Peralta","startTime":2153.73,"endTime":2156.73,"body":"today, but I'm gonna do it"},{"speaker":"Robby Peralta","startTime":2156.73,"endTime":2161.26,"body":"anyway. Why is there no"},{"speaker":"Robby Peralta","startTime":2156.73,"endTime":2161.26,"body":"regulation around software"},{"speaker":"Robby Peralta","startTime":2161.26,"endTime":2164.38,"body":"security? Like, you know,"},{"speaker":"Robby Peralta","startTime":2161.26,"endTime":2164.38,"body":"there's GDPR for you know,"},{"speaker":"Robby Peralta","startTime":2164.44,"endTime":2167.71,"body":"personal data. But, you know,"},{"speaker":"Robby Peralta","startTime":2164.44,"endTime":2167.71,"body":"all the new security laws that"},{"speaker":"Robby Peralta","startTime":2167.71,"endTime":2170.41,"body":"are coming out, there's nothing"},{"speaker":"Robby Peralta","startTime":2167.71,"endTime":2170.41,"body":"that meant, that says, You need"},{"speaker":"Robby Peralta","startTime":2170.41,"endTime":2173.8,"body":"to do this with software"},{"speaker":"Robby Peralta","startTime":2170.41,"endTime":2173.8,"body":"security. And I think I have an"},{"speaker":"Robby Peralta","startTime":2173.8,"endTime":2176.23,"body":"idea why, but I'm just gonna put"},{"speaker":"Robby Peralta","startTime":2173.8,"endTime":2176.23,"body":"that over to you, too. Yeah."},{"speaker":"Robby Peralta","startTime":2177.67,"endTime":2178.15,"body":"Come on."},{"speaker":"Daniela Cruzes","startTime":2181.39,"endTime":2182.89,"body":"Because we don't"},{"speaker":"Daniela Cruzes","startTime":2181.39,"endTime":2182.89,"body":"know for sure."},{"speaker":"Espen Johansen","startTime":2188.41,"endTime":2190.33,"body":"Because I think"},{"speaker":"Espen Johansen","startTime":2188.41,"endTime":2190.33,"body":"just it's basically it's just"},{"speaker":"Espen Johansen","startTime":2190.36,"endTime":2193.93,"body":"hard. Yeah, it's difficult. How"},{"speaker":"Espen Johansen","startTime":2190.36,"endTime":2193.93,"body":"do you regulate this stuff?"},{"speaker":"Espen Johansen","startTime":2194.29,"endTime":2197.32,"body":"Yeah. Do you have control"},{"speaker":"Espen Johansen","startTime":2194.29,"endTime":2197.32,"body":"regimes in place to regulate if"},{"speaker":"Espen Johansen","startTime":2197.32,"endTime":2200.38,"body":"people have done this? Right? So"},{"speaker":"Espen Johansen","startTime":2197.32,"endTime":2200.38,"body":"basically, to transfer the"},{"speaker":"Espen Johansen","startTime":2200.38,"endTime":2203.23,"body":"responsibility from the ones who"},{"speaker":"Espen Johansen","startTime":2200.38,"endTime":2203.23,"body":"develop software to the testers?"},{"speaker":"Espen Johansen","startTime":2203.56,"endTime":2205.0,"body":"Yeah, it's difficult."},{"speaker":"Daniela Cruzes","startTime":2206.5,"endTime":2208.57,"body":"It's also about"},{"speaker":"Daniela Cruzes","startTime":2206.5,"endTime":2208.57,"body":"the thing about being self"},{"speaker":"Daniela Cruzes","startTime":2208.57,"endTime":2214.48,"body":"managing teams. And also the,"},{"speaker":"Daniela Cruzes","startTime":2208.57,"endTime":2214.48,"body":"this whole thing of like,"},{"speaker":"Daniela Cruzes","startTime":2214.48,"endTime":2217.54,"body":"compliance driven that Espen was"},{"speaker":"Daniela Cruzes","startTime":2214.48,"endTime":2217.54,"body":"saying, and that's one thing"},{"speaker":"Daniela Cruzes","startTime":2217.54,"endTime":2219.88,"body":"that you asked about, like, why"},{"speaker":"Daniela Cruzes","startTime":2217.54,"endTime":2219.88,"body":"do you need to be more"},{"speaker":"Daniela Cruzes","startTime":2219.88,"endTime":2222.91,"body":"ambidextrous with a security"},{"speaker":"Daniela Cruzes","startTime":2219.88,"endTime":2222.91,"body":"program? Why we are putting so"},{"speaker":"Daniela Cruzes","startTime":2222.91,"endTime":2226.96,"body":"much focus on that? And one of"},{"speaker":"Daniela Cruzes","startTime":2222.91,"endTime":2226.96,"body":"the reasons was, because as Ben,"},{"speaker":"Daniela Cruzes","startTime":2227.02,"endTime":2229.99,"body":"and we discussed a lot about"},{"speaker":"Daniela Cruzes","startTime":2227.02,"endTime":2229.99,"body":"that didn't want to be"},{"speaker":"Daniela Cruzes","startTime":2229.99,"endTime":2233.77,"body":"compliance driven. You know, so"},{"speaker":"Daniela Cruzes","startTime":2229.99,"endTime":2233.77,"body":"then why are we going to create"},{"speaker":"Daniela Cruzes","startTime":2233.83,"endTime":2236.2,"body":"regulations, so then the teams"},{"speaker":"Daniela Cruzes","startTime":2233.83,"endTime":2236.2,"body":"will have to be compliance"},{"speaker":"Daniela Cruzes","startTime":2236.2,"endTime":2240.22,"body":"driven, that's not what we want,"},{"speaker":"Daniela Cruzes","startTime":2236.2,"endTime":2240.22,"body":"in wanting security to be just"},{"speaker":"Daniela Cruzes","startTime":2240.22,"endTime":2244.18,"body":"part of normal life, it's the"},{"speaker":"Daniela Cruzes","startTime":2240.22,"endTime":2244.18,"body":"way to do software, you know,"},{"speaker":"Daniela Cruzes","startTime":2244.45,"endTime":2249.82,"body":"like, is not optional. It's just"},{"speaker":"Daniela Cruzes","startTime":2244.45,"endTime":2249.82,"body":"like, we just write software in"},{"speaker":"Daniela Cruzes","startTime":2249.82,"endTime":2253.48,"body":"a secure way. We think about"},{"speaker":"Daniela Cruzes","startTime":2249.82,"endTime":2253.48,"body":"security all the way, you know."},{"speaker":"Daniela Cruzes","startTime":2253.75,"endTime":2257.23,"body":"So we think about security the"},{"speaker":"Daniela Cruzes","startTime":2253.75,"endTime":2257.23,"body":"whole time, from the beginning"},{"speaker":"Daniela Cruzes","startTime":2257.23,"endTime":2261.37,"body":"to the to the end, it's like we"},{"speaker":"Daniela Cruzes","startTime":2257.23,"endTime":2261.37,"body":"talked about this before, that's"},{"speaker":"Daniela Cruzes","startTime":2261.37,"endTime":2266.02,"body":"our dream was that like,"},{"speaker":"Daniela Cruzes","startTime":2261.37,"endTime":2266.02,"body":"security would not be an issue"},{"speaker":"Daniela Cruzes","startTime":2266.02,"endTime":2268.84,"body":"or even like a discussion, are"},{"speaker":"Daniela Cruzes","startTime":2266.02,"endTime":2268.84,"body":"we doing securit or are we not"},{"speaker":"Daniela Cruzes","startTime":2268.84,"endTime":2272.8,"body":"doing security? It's just like,"},{"speaker":"Daniela Cruzes","startTime":2268.84,"endTime":2272.8,"body":"you just do software, and"},{"speaker":"Daniela Cruzes","startTime":2272.8,"endTime":2274.96,"body":"software has to be secure. There"},{"speaker":"Daniela Cruzes","startTime":2272.8,"endTime":2274.96,"body":"is no question."},{"speaker":"Robby Peralta","startTime":2277.0,"endTime":2278.14,"body":"Secure by design"},{"speaker":"Robby Peralta","startTime":2277.0,"endTime":2278.14,"body":"now."},{"speaker":"Espen Johansen","startTime":2279.5,"endTime":2282.11,"body":"I really love"},{"speaker":"Espen Johansen","startTime":2279.5,"endTime":2282.11,"body":"that statement. Because some of"},{"speaker":"Espen Johansen","startTime":2282.11,"endTime":2284.9,"body":"the things that I've been at it"},{"speaker":"Espen Johansen","startTime":2282.11,"endTime":2284.9,"body":"for a while now, and I couldn't"},{"speaker":"Espen Johansen","startTime":2284.93,"endTime":2287.24,"body":"if you look at the Norwegian"},{"speaker":"Espen Johansen","startTime":2284.93,"endTime":2287.24,"body":"health law and stuff like that,"},{"speaker":"Espen Johansen","startTime":2287.6,"endTime":2289.58,"body":"all these kind of different"},{"speaker":"Espen Johansen","startTime":2287.6,"endTime":2289.58,"body":"frameworks that have their own"},{"speaker":"Espen Johansen","startTime":2289.58,"endTime":2292.97,"body":"rules, sets and all that stuff."},{"speaker":"Espen Johansen","startTime":2289.58,"endTime":2292.97,"body":"There's always some glitches,"},{"speaker":"Espen Johansen","startTime":2292.97,"endTime":2296.51,"body":"and then the people exploiting"},{"speaker":"Espen Johansen","startTime":2292.97,"endTime":2296.51,"body":"and, like in the north, I think"},{"speaker":"Espen Johansen","startTime":2296.51,"endTime":2299.18,"body":"that kind of praise is that you"},{"speaker":"Espen Johansen","startTime":2296.51,"endTime":2299.18,"body":"have to have encryption for"},{"speaker":"Espen Johansen","startTime":2299.18,"endTime":2301.61,"body":"certain elements, and you have"},{"speaker":"Espen Johansen","startTime":2299.18,"endTime":2301.61,"body":"to have certain amounts of"},{"speaker":"Espen Johansen","startTime":2301.61,"endTime":2305.21,"body":"separations. Well, encryption"},{"speaker":"Espen Johansen","startTime":2301.61,"endTime":2305.21,"body":"will elicit enough with a video"},{"speaker":"Espen Johansen","startTime":2305.21,"endTime":2308.09,"body":"encryption, or is to do what"},{"speaker":"Espen Johansen","startTime":2305.21,"endTime":2308.09,"body":"kind of encryption Do you really"},{"speaker":"Espen Johansen","startTime":2308.09,"endTime":2311.9,"body":"need? It is not explicit all the"},{"speaker":"Espen Johansen","startTime":2308.09,"endTime":2311.9,"body":"time. And sometimes it's"},{"speaker":"Espen Johansen","startTime":2311.93,"endTime":2314.12,"body":"outdated and who's going to"},{"speaker":"Espen Johansen","startTime":2311.93,"endTime":2314.12,"body":"maintain these kind of"},{"speaker":"Espen Johansen","startTime":2314.12,"endTime":2318.35,"body":"standards? And are they sure"},{"speaker":"Espen Johansen","startTime":2314.12,"endTime":2318.35,"body":"that they are good enough? So"},{"speaker":"Espen Johansen","startTime":2318.35,"endTime":2322.49,"body":"I've learned to, to kind of,"},{"speaker":"Espen Johansen","startTime":2318.35,"endTime":2322.49,"body":"instead of making forcing them"},{"speaker":"Espen Johansen","startTime":2322.49,"endTime":2325.88,"body":"to read PCI DSS reading some of"},{"speaker":"Espen Johansen","startTime":2322.49,"endTime":2325.88,"body":"the other kind of listening"},{"speaker":"Espen Johansen","startTime":2326.45,"endTime":2329.0,"body":"piece, look at them, see them as"},{"speaker":"Espen Johansen","startTime":2326.45,"endTime":2329.0,"body":"inspiration, because they are"},{"speaker":"Espen Johansen","startTime":2329.0,"endTime":2332.54,"body":"great pieces of work made by"},{"speaker":"Espen Johansen","startTime":2329.0,"endTime":2332.54,"body":"people who really cares. And"},{"speaker":"Espen Johansen","startTime":2332.54,"endTime":2334.88,"body":"they've really put effort into"},{"speaker":"Espen Johansen","startTime":2332.54,"endTime":2334.88,"body":"it. So see them as"},{"speaker":"Espen Johansen","startTime":2334.88,"endTime":2339.23,"body":"inspirational, but don't see"},{"speaker":"Espen Johansen","startTime":2334.88,"endTime":2339.23,"body":"them as, as dictates, you don't"},{"speaker":"Espen Johansen","startTime":2339.26,"endTime":2342.53,"body":"have to do that stuff. Because"},{"speaker":"Espen Johansen","startTime":2339.26,"endTime":2342.53,"body":"some of that is just moronic. So"},{"speaker":"Espen Johansen","startTime":2342.53,"endTime":2345.65,"body":"if you are doing a web"},{"speaker":"Espen Johansen","startTime":2342.53,"endTime":2345.65,"body":"application that's going to be"},{"speaker":"Espen Johansen","startTime":2345.65,"endTime":2349.01,"body":"posted onto Amazon, or Azure."},{"speaker":"Espen Johansen","startTime":2345.65,"endTime":2349.01,"body":"And you're thinking about the"},{"speaker":"Espen Johansen","startTime":2349.01,"endTime":2352.58,"body":"three states of the data, which"},{"speaker":"Espen Johansen","startTime":2349.01,"endTime":2352.58,"body":"is either in process or it's in,"},{"speaker":"Espen Johansen","startTime":2353.09,"endTime":2356.24,"body":"it's in transit, or it's"},{"speaker":"Espen Johansen","startTime":2353.09,"endTime":2356.24,"body":"addressed. So how do you ensure"},{"speaker":"Espen Johansen","startTime":2356.24,"endTime":2360.38,"body":"that it's encrypted in transit?"},{"speaker":"Espen Johansen","startTime":2356.24,"endTime":2360.38,"body":"Well, you figure it out based on"},{"speaker":"Espen Johansen","startTime":2360.38,"endTime":2363.2,"body":"your customers. How do you"},{"speaker":"Espen Johansen","startTime":2360.38,"endTime":2363.2,"body":"ensure that it's encrypted and"},{"speaker":"Espen Johansen","startTime":2363.2,"endTime":2367.88,"body":"really well secured while it is"},{"speaker":"Espen Johansen","startTime":2363.2,"endTime":2367.88,"body":"in rest? Well, that's easy. Most"},{"speaker":"Espen Johansen","startTime":2367.88,"endTime":2370.55,"body":"of the services are very good"},{"speaker":"Espen Johansen","startTime":2367.88,"endTime":2370.55,"body":"encryption services available"},{"speaker":"Espen Johansen","startTime":2370.55,"endTime":2373.37,"body":"for you. But if you want to do"},{"speaker":"Espen Johansen","startTime":2370.55,"endTime":2373.37,"body":"the advanced stuff and go for"},{"speaker":"Espen Johansen","startTime":2373.37,"endTime":2375.62,"body":"encryption, when it's in"},{"speaker":"Espen Johansen","startTime":2373.37,"endTime":2375.62,"body":"process, you have to start to"},{"speaker":"Espen Johansen","startTime":2375.62,"endTime":2378.14,"body":"think like homomorphic"},{"speaker":"Espen Johansen","startTime":2375.62,"endTime":2378.14,"body":"encryption using microservices"},{"speaker":"Espen Johansen","startTime":2378.14,"endTime":2381.38,"body":"deploying them in hardware"},{"speaker":"Espen Johansen","startTime":2378.14,"endTime":2381.38,"body":"security modules and stuff. So"},{"speaker":"Espen Johansen","startTime":2381.83,"endTime":2384.62,"body":"you really need to challenge the"},{"speaker":"Espen Johansen","startTime":2381.83,"endTime":2384.62,"body":"mindset of the developers"},{"speaker":"Espen Johansen","startTime":2384.62,"endTime":2387.44,"body":"because they are bloody smart."},{"speaker":"Espen Johansen","startTime":2384.62,"endTime":2387.44,"body":"They are really really smart and"},{"speaker":"Espen Johansen","startTime":2387.44,"endTime":2390.2,"body":"they kept the class the"},{"speaker":"Espen Johansen","startTime":2387.44,"endTime":2390.2,"body":"sciences, just been given the"},{"speaker":"Espen Johansen","startTime":2390.2,"endTime":2393.5,"body":"opportunity to deviate a bit"},{"speaker":"Espen Johansen","startTime":2390.2,"endTime":2393.5,"body":"from door to door just give them"},{"speaker":"Espen Johansen","startTime":2393.5,"endTime":2397.55,"body":"a steady hand but for PCI DSS,"},{"speaker":"Espen Johansen","startTime":2393.5,"endTime":2397.55,"body":"they will do just as it states"},{"speaker":"Espen Johansen","startTime":2397.61,"endTime":2399.86,"body":"in the PCI DSS and nothing more"},{"speaker":"Daniela Cruzes","startTime":2400.55,"endTime":2402.89,"body":"Maybe they'll"},{"speaker":"Daniela Cruzes","startTime":2400.55,"endTime":2402.89,"body":"find ways to fake that they are"},{"speaker":"Daniela Cruzes","startTime":2402.89,"endTime":2404.57,"body":"doing. Oh,"},{"speaker":"Espen Johansen","startTime":2406.22,"endTime":2409.19,"body":"I've seen so"},{"speaker":"Espen Johansen","startTime":2406.22,"endTime":2409.19,"body":"many examples of how to fake the"},{"speaker":"Espen Johansen","startTime":2409.19,"endTime":2413.21,"body":"standards, so easy to fake. So"},{"speaker":"Espen Johansen","startTime":2409.19,"endTime":2413.21,"body":"it's always fun to go in and"},{"speaker":"Espen Johansen","startTime":2413.21,"endTime":2415.7,"body":"query them. And we don't want to"},{"speaker":"Espen Johansen","startTime":2413.21,"endTime":2415.7,"body":"embarrass them, because they're"},{"speaker":"Espen Johansen","startTime":2415.7,"endTime":2419.72,"body":"just doing their jobs by letting"},{"speaker":"Espen Johansen","startTime":2415.7,"endTime":2419.72,"body":"them be responsible once by"},{"speaker":"Espen Johansen","startTime":2419.72,"endTime":2422.72,"body":"empowering them. You're"},{"speaker":"Espen Johansen","startTime":2419.72,"endTime":2422.72,"body":"challenging them mentally. And"},{"speaker":"Espen Johansen","startTime":2422.72,"endTime":2426.11,"body":"they're kind of, they're like"},{"speaker":"Espen Johansen","startTime":2422.72,"endTime":2426.11,"body":"kids, if you give them enough"},{"speaker":"Espen Johansen","startTime":2427.16,"endTime":2430.4,"body":"leeway, they might really"},{"speaker":"Espen Johansen","startTime":2427.16,"endTime":2430.4,"body":"empower you, they might really"},{"speaker":"Espen Johansen","startTime":2430.94,"endTime":2434.15,"body":"amaze you with their creativity."},{"speaker":"Espen Johansen","startTime":2430.94,"endTime":2434.15,"body":"And they might develop into"},{"speaker":"Espen Johansen","startTime":2434.15,"endTime":2436.43,"body":"something really beautiful that"},{"speaker":"Espen Johansen","startTime":2434.15,"endTime":2436.43,"body":"you haven't foreseen yourself,"},{"speaker":"Espen Johansen","startTime":2437.21,"endTime":2437.48,"body":"you're gonna"},{"speaker":"Robby Peralta","startTime":2437.65,"endTime":2439.06,"body":"get a bunch of"},{"speaker":"Robby Peralta","startTime":2437.65,"endTime":2439.06,"body":"people trying to apply to your"},{"speaker":"Robby Peralta","startTime":2439.06,"endTime":2442.09,"body":"company now has been, we're"},{"speaker":"Robby Peralta","startTime":2439.06,"endTime":2442.09,"body":"gonna get a flow of, you're"},{"speaker":"Robby Peralta","startTime":2442.09,"endTime":2444.37,"body":"gonna get a bunch of LinkedIn"},{"speaker":"Robby Peralta","startTime":2442.09,"endTime":2444.37,"body":"messages afterwards asked me if"},{"speaker":"Robby Peralta","startTime":2444.37,"endTime":2445.3,"body":"you need people on your team."},{"speaker":"Espen Johansen","startTime":2447.19,"endTime":2447.97,"body":"We always do."},{"speaker":"Robby Peralta","startTime":2453.88,"endTime":2455.29,"body":"You know what you"},{"speaker":"Robby Peralta","startTime":2453.88,"endTime":2455.29,"body":"do. Thank you so much for your"},{"speaker":"Robby Peralta","startTime":2455.29,"endTime":2459.52,"body":"time. Danielle, I'm expecting"},{"speaker":"Robby Peralta","startTime":2455.29,"endTime":2459.52,"body":"144 more papers from you in the"},{"speaker":"Robby Peralta","startTime":2459.85,"endTime":2464.8,"body":"next 12 years. And you are"},{"speaker":"Robby Peralta","startTime":2459.85,"endTime":2464.8,"body":"definitely my trusted advisors"},{"speaker":"Robby Peralta","startTime":2464.8,"endTime":2467.53,"body":"for the topic moving forward. So"},{"speaker":"Robby Peralta","startTime":2464.8,"endTime":2467.53,"body":"I wouldn't be surprised if you"},{"speaker":"Robby Peralta","startTime":2467.53,"endTime":2470.32,"body":"get invited back or invited to"},{"speaker":"Robby Peralta","startTime":2467.53,"endTime":2470.32,"body":"speak at an event of ours or"},{"speaker":"Robby Peralta","startTime":2470.32,"endTime":2472.12,"body":"something like that. So thank"},{"speaker":"Robby Peralta","startTime":2470.32,"endTime":2472.12,"body":"you again for your time."},{"speaker":"Espen Johansen","startTime":2473.23,"endTime":2475.18,"body":"Enjoy it. All"},{"speaker":"Espen Johansen","startTime":2473.23,"endTime":2475.18,"body":"right."},{"speaker":"Robby Peralta","startTime":2475.33,"endTime":2476.5,"body":"Take care talk"},{"speaker":"Robby Peralta","startTime":2475.33,"endTime":2476.5,"body":"soon."},{"speaker":"Robby Peralta","startTime":2478.63,"endTime":2481.45,"body":"Well, that's all for today,"},{"speaker":"Robby Peralta","startTime":2478.63,"endTime":2481.45,"body":"folks. Thank you for tuning in"},{"speaker":"Robby Peralta","startTime":2481.45,"endTime":2484.06,"body":"to the mnemonic security"},{"speaker":"Robby Peralta","startTime":2481.45,"endTime":2484.06,"body":"podcast. If you have any"},{"speaker":"Robby Peralta","startTime":2484.06,"endTime":2487.09,"body":"concepts or ideas that you'd"},{"speaker":"Robby Peralta","startTime":2484.06,"endTime":2487.09,"body":"like us to discuss on future"},{"speaker":"Robby Peralta","startTime":2487.09,"endTime":2489.79,"body":"episodes, please feel free to"},{"speaker":"Robby Peralta","startTime":2487.09,"endTime":2489.79,"body":"send us a mail to"},{"speaker":"Robby Peralta","startTime":2490.63,"endTime":2493.81,"body":"podcast@nimonic.nl Thank you for"},{"speaker":"Robby Peralta","startTime":2490.63,"endTime":2493.81,"body":"listening, and we'll see you"},{"speaker":"Robby Peralta","startTime":2493.81,"endTime":2494.23,"body":"next time."}]}