Unpacking security theater: Insights from Alberto Silveira, Head of Engineering at LawnStarter

06/29/23
Code to Cloud

This episode features an interview with Alberto Silveira, Head of Engineering at LawnStarter, a marketplace for outdoor home services. He has more than 20 years of experience in software development, having served in leadership positions at companies like OnDeck, Amplify, and Kaplan. He’s also an author, and his book, Building and Managing High-Performance Distributed Teams, is out now. On this episode, Alberto and host Tim Chase discuss organizing teams around the shared purpose of driving the business forward, infusing good security practices throughout the organization, and how to deliver more than just “security theater.”

Key Quotes

* “If we don't make security a top priority as building a new feature on the application, as automation, as CI/CD, how can we actually out succeed? Like building a new feature, but actually lacking customer data or network security, or what's the point if we're gonna be on the news tomorrow with a new security breach? And then we have the most shining feature.”
* “Traditional security practices give the sensation that you are safe. [But] is this really actually taking care of what we are trying to achieve? Or is this just us checking another box and saying that we are safe? So that's what I refer to as ‘security theater.’”
* “Security should not be seen as a separate group, as a separate initiative. All the concerns when building software - it could be architecture, it could be security, it could be automation, it could be building new features or taking care of tech debt, you name it - all of them are one single source of truth as you are building your roadmap and as you are actually working on it. And it's everyone's responsibility. It's not only for the security team.”
* “The fact that you're in the cloud doesn't mean that you're secure at all. That's just the beginning.”

Time Stamps

[1:17] What’s “security theater”?
[3:36] How do you do more than just “check the box” in security?
[7:27] What do security practitioners need to know about collaborating more effectively with development and engineering?
[11:23] The importance of educating the whole team on the repercussions of poor security management
[13:40] Does being in the cloud mean your information is secure?
[17:20] The role of the security practitioner as an educator
[19:20] Learn more about Alberto’s book, Building and Managing High-Performance Distributed Teams
[22:42] What makes a strong manager?

Links

Connect with Alberto on LinkedIn
Get Alberto’s book, Building and Managing High-Performance Distributed Teams
Learn more about LawnStarter
Learn more about Lacework

This podcast is brought to you by Lacework, the leading data-driven cloud-native application protection platform. Lacework is trusted by nearly 1,000 global innovators to secure the cloud from build to run. Lacework delivers true end-to-end protection, empowering customers to prioritize risks, find known and unknown threats faster, achieve continuous cloud compliance, and work smarter–not harder–all from one unified platform. Learn more at Lacework.com.
