EP 26 — Derek Fisher: How Envestnet Scales Product Security

In this episode of the Future of Application Security, Harshil speaks with Derek Fisher, the Head of Product Security at Envestnet, a publicly traded financial technology company that connects people's daily financial decisions with their long-term financial goals. Derek is a highly accomplished professional with an exceptional track record in engineering and information security. With his experience as an award-winning author, speaker, leader, and university instructor, Derek provides valuable insights into the world of application security and risk management. Key topics discussed: The step-by-step approach to build a mature application security program. Utilizing tools like dynamic scanners and software composition for vulnerability management. Collaboration with product and engineering teams to stay informed about upcoming changes. Importance of early involvement in the development lifecycle to enhance security. The role of enterprise architecture teams in the application security process. Challenges in tracking and responding to development team activities in agile environments. Resources mentioned: Derek's book, "The Application Security Program Handbook" Derek's children's book, "Alicia Connected"