Eoin Keary, CEO of edgescan, talks with ITSPmagazine about security and risk management within a CDCI-enabled DevSecOps process
Speech Synthesis
Eoin Keary, CEO of Dublin-based edgescan, talks to ITSPmagazine about his entry into cybersecurity, starting off in software development. Eoin describes how the agile software development lifecycle (SDLC) has changed the way organizations need to view risk as they build and deploy their applications throughout their business environment.
Per Eoin's experience as both a developer and a breaker and now as the CEO of a successful SaaS-based vulnerability assessment solution provider, organizations need to address security up and down the operational stack and all the way through the SDLC; it’s important to give the developers the proper tools, making it nearly invisible to the developers to make their applications secure. As Eoin describes, however, the solution needs to extend beyond the tools and needs to be combined with training to make the engineers aware of the cyber risks they face in logic and implementation bugs they might introduce into their application's code.
With a goal to combine the technical and human elements of vulnerability management, Eoin describes how and why he and his team started edgescan, highlighting the unique challenges they are looking to solve for their customers via the combination of machine-learning-enabled automation and hands-on human intelligence which they use to validate the findings.
Some clients call edgescan their "virtual penetration testing team," with a number of them leveraging edgescan's APIs to integrate continuous application vulnerability assessments within their existing CDCI- (continuous development / continuous integration) enabled DevSecOps processes.
"Security is everybody’s problem now," says Eoin. "It is getting attention at the board level; you need to get yourself into these meetings, and you need to be prepared to present metrics."
source
Gloss