Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, we’re excited to have an amazing guest, Mel Reyes, join us.
Mel has navigated through two IPOs and three M&As, worked with several startups, Pepsi and Mercedes, and accumulated a bunch of patents along the way.
With more than 30 years of experience in various leadership, advising, and coaching roles, he enjoys building and empowering security teams within organizations.
He's heavily invested in the cybersecurity community and has built his own, The Fellowship of Digital Guardians.
That’s why we’re extremely excited to talk with him today about investment in security training within organizations. Tune in and discover whether it's a necessary or overrated expense.
In our conversation, Mel shares why:
- Investing in security training and programs is crucial for the safety and success of companies
- Implementing a cultural change that prioritizes security is essential
- The shift-left approach, integrating security from the beginning of development, is a must, despite being constantly mentioned in recent years
- Developers play a critical role in ensuring security and should be trained accordingly
- Applying behavioral understanding can be valuable in managing cross-functional teams and identifying individual strengths and weaknesses
- Cybersecurity can be perceived as boring, but it is essential to find enjoyment and passion in the field
- Books like 'Never Split the Difference' and 'Surrounded by Idiots' provide techniques and frameworks for understanding human behavior
Let’s dive in!