ASW Episode59

From Security Weekly Wiki

Recorded April 29, 2019 at G-Unit Studios in Rhode Island!


  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • John Kinsella
    is the Vice President of Container Security for Qualys.
  • Mike Shema
    is the Product Security Lead of Square.
  • Announcements

    • John Strand will be teaching Active Defense and Cyber Deception at Black Hat 2019. Please register here! Register Now @ [1].
    • We just released our 2019 Security Weekly 25 Index Survey. Please go to and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.

    Interview: Larry Maccherone, Comcast

    Larry Maccherone
    is the DevSecOps Transformation, Senior Director of Comcast.

    Prior to joining Comcast, Larry served as Principal for his namesake consulting firm where he worked with clients like IBM, Adobe, Oracle, USAA, and Intuit. Before branching out on his own, he became an internationally-recognized author and speaker on agile cultural transformations and published the largest ever study quantifying the impact of agile development practices while serving as the Director of Analytics and Research for Rally Software (now part of CA). Prior to that, he served as Executive Director for Carnegie Mellon's Cylab, where he teamed up with Gary McGraw and Noopur Davis to lead the launch of the DHS' Build-Security-In initiative. He has also served as Principal Investigator for the NSA's Code Assessment Methodology Project, on the Advisory Board for IARPA's STONESOUP program, and as the Department of Energy's Los Alamos National Labs Fellow.

    Larry currently sees a huge opportunity for the concepts he helped develop with Build-Security-In a decade ago to finally take hold with the recent emergence of DevOps, which he thinks of as a natural successor to agile development because it further breaks down silos. As such, he characterizes DevOps as empowered development teams taking ownership of how their product behaves in production. He's currently applying agile transformation techniques that he previously quantified to spread DevOps and DevSecOps through large organizations.

    Larry firmly believes in learning by doing, so in his spare time he is the author of several open source projects which get hundreds of downloads a month and one, node-localstorage, which gets over 300,000 downloads a month.


    Bugs, Breaches, and More!
    If you build it, they will come
    Learning & Tools
    Food for Thought
