Engineering Security: Bridging DevOps and AppSec with Jon-Anthoney de Boer

Episode SummaryJon-Anthoney de Boer is the Product Security Lead at Transmax, overseeing security for critical infrastructure that manages traffic flow across Australia. Coming from a strong software engineering background, Jon-Anthoney shares his experience transitioning from traditional engineering into product and application security. He highlights the importance of aligning software engineering and security teams, building trust into the software development lifecycle, and fostering a security culture based on practical strategy rather than superficial metrics. Jon-Anthoney also discusses how behavioural change, organisational alignment, and operational excellence are key to achieving effective, sustainable security outcomes.Timestamps00:32 - Jon-Anthoney’s journey from electrical engineering to product security05:08 - Transitioning from software craftsmanship to cybersecurity09:30 - Why aligned incentives between engineering and security teams matter12:22 - Goodhart's Law: pitfalls of security metrics18:21 - Rethinking cybersecurity strategies beyond tools and compliance25:12 - Building observability into the secure software development lifecycle32:35 - Why executive support is crucial for security initiatives38:34 - Operational excellence: removing waste from security processesMentioned in this episode:Call for FeedbackThis podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrpSpotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

There are no comments yet.

Please log in to write the first comment.