We’re happy to announce that Rick Orloff is joining the Wallarm advisory board. Rick will work closely with the team, advising on product and roadmap.
Rick has a successful 20-year track record in security and is currently the Chief Security Officer at Code42. Prior to that he was Vice President and Chief Information Security Officer at eBay, and before that he spent seven years at Apple Inc. He is a member of several advisory boards, including Raytheon Cyber Products, Oracle, Box Inc, FINDO, 802 Secure, and now Wallarm.
As is tradition for new members of the advisory board, we asked Rick a few questions about his vision of application security.
Application security has always been hard. How has it become even more complicated in the last few years?
Application security has always been difficult, and it became further complicated as software developers often developed their code while focusing on product features. Development teams were measured on delivering the feature sets to scope, schedule, and budget. The problem was that security was not one of the core design principles, which meant security was addressed with a checkbox approach and not as part of the primary workflow. Quite often, the security issues discovered were complicated to correct and placed the DevOps schedule at risk, and this introduced friction between the security teams and the DevOps teams. From a customer perspective, this often meant code was released with known issues, and the developers were then racing to develop a 1.x.1 security patch.
Could you give your 3–5 takeaways for enterprises adopting agile/CI/CD to run faster but not willing to sacrifice security?
Teams that followed agile practices with security experts embedded in their development processes developed code faster and more securely than teams that didn’t. In fact, as some of these teams embraced this model, they began including security elements as features. From a product management perspective, adopting an agile approach means that when DevOps walks into a Change Control Board meeting, security is already fully baked in, and they don’t have to compromise customer security for their product delivery schedule.
What do you like best about Wallarm products/approaches?
Wallarm’s approach takes the meaningful and actionable portions of reviewing the entire technology stack and presents findings truly relevant to the code, systems, or services being used in that stack. It moves completely away from the old-school theoretical laundry list of findings (which could run to hundreds or thousands) and presents a relevant, stack-ranked list of risks for the developers or site operators to address. In part, by moving away from signature-based processing and embracing machine learning and AI, Wallarm’s results are relevant, focused, and actionable. There’s a huge ROI for developers and site owners, enabling them to focus on prioritized findings to the benefit of their customers.