Policy-as-code is an essential step towards software-driven security governance. This approach is one of the most effective methods of managing the security and compliance of large-scale, complex, and highly dynamic cloud-based systems. However, the automation we see today is often siloed to only certain functions within security. Listen to this discussion with Chenxi Wang and Sounil Yu to understand why we need to move towards software-driven security governance and learn how to actually implement policy as code.
Founder & General Partner
CISO & Head of Research
Chenxi Wang is the Founder and General Partner of Rain Capital, a cyber-focused venture fund. A well-known strategist, speaker, and technologist in the cybersecurity industry, Wang also serves on the Board of Directors for MDU Resources (NYSE: MDU), and as a strategic advisor to SC Media and various security startups. Previously, Wang held various executive positions with Twistlock, Intel Security, and Forrester Research. Wang was named a Woman of Influence by SC Magazine and received the Women Investor of 2019 award from Women Tech Founders. Wang’s career began as a faculty member at Carnegie Mellon University. Wang holds a Ph.D. in computer science from the University of Virginia.
Sounil Yu is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, serves on the board of SCVX Corp and the FAIR Institute, teaches security as an Adjunct Professor, co-chairs Art into Science: A Conference on Defense, and advises many startups. He is currently the CISO at JupiterOne and previously served as the CISO-in-Residence at YL Ventures and Chief Security Scientist at Bank of America, driving innovation to meet emerging security needs and develop alternative approaches to hard problems in security. Although on occasion he is forced to write about himself in the third person, he would rather meet people in person to share experiences rather than writing it up in a short bio.
Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain. He actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne. As well, Mark is Executive Producer of the DevSecOps Podcast Series (400K+ listens), and the Executive Editor of the LinkedIn DevOps Group (100K+ members).
The relationships between dev, security, and operations are the relationships we need to track and understand, including current state, historical state over time, and future state.
Tyler Shields — CMO, JupiterOne