EP 18 — Daniel Wood, CISO: How Unqork Scales Product Security
Future of Application Security - A podcast by Tromzo

Unqork is a no-code application platform that helps large enterprises rapidly build complex custom software by completely removing the usual development challenges of a traditional code-based approach. In this episode, Harshil chats with Unqork’s Chief Information Security Officer, Daniel Wood, to learn more about how he’s helped build and scale the company’s product security program. Daniel has over a decade of experience in the cybersecurity field, having worked as an information security analyst and lead security engineer in previous roles.

Topics discussed:

- Daniel’s career journey and his transition from risk-based security work to technical security engineering, consultancy, and corporate security work
- Key differences between his work as a consultant and as an insider security person
- Changes Daniel implemented after joining Unqork, and how he chose which security aspects to prioritize and invest in
- Leveraging the OpenSAMM or BSIMM model to guide security investment decisions
- Unqork’s goal of building product security features to reduce friction between the engineering and security teams
- The challenges faced by most companies when implementing secure frameworks
- How to drive the adoption of security initiatives across an organization
- How Unqork’s program managers help with strategic and operational priority alignment
- How Unqork handles code ownership, architecture review processes, and threat modeling
- The importance of keeping teams updated and synced on documentation and engineering resources
- Unqork’s maturity roadmap for the future