Views from a Fractional CISO delivering complete security: A conversation with Aruneesh Salhotra

This episode features an interview with Fractional-CISO Aruneesh Salhotra. Aruneesh brings with him 22 years of experience across development, DevSecOps, security, containerization and more. He is also an award-winning presenter, panelist, and author. On this episode, Aruneesh and host Andy Schneider discuss protecting IP source code, what solution to pick based on your integrations, how he’s helping companies shift left, and much more.Key Quotes*”You can only protect what you know about. So cloud definitely has opened the doors for misconfigurations, and misconfigurations can lead to breaches. Cloud has changed the whole security landscape.”*”IP source code is definitely your crown jewel. So you have to protect that with utmost importance. Even if you're storing your source code internally, there is always a threat of internal actors acting against your firm. Predictive branches is definitely a no-brainer. [And] you want to ensure access is configured properly.”*”The skills and awareness of the CISO change manyfold with the cloud. So having that awareness of what can possibly go wrong, having an awareness of not just the field itself, but also understanding who are the key players. There’s a lot of pressure on security leaders and practitioners to not only realize the need for a particular control, but at the same time trying to figure out what solution actually fits the organization based on your culture and integrations.”Time Stamps[1:04] The rising challenges of securing the cloud[2:40] How does Aruneesh protect source codes?[6:41] What skills do security practitioners need today? Do they need to be able to write code?[13:09] As someone whose background is in AppSec, what are security leaders missing today?[15:48] What makes a good security leader?[20:14] What was a lesson Aruneesh learned in his career?[22:50] What is a Fractional-CISO?[25:57] What’s the difference in responsibilities between a Fractional-CISO and an operational internal CISO?LinksConnect with Aruneesh on LinkedInConnect with Andy on LinkedInLearn more about LaceworkThis podcast is brought to you by Lacework, the leading data-driven cloud-native application protection platform. Lacework is trusted by nearly 1,000 global innovators to secure the cloud from build to run. Lacework delivers true end-to-end protection, empowering customers to prioritize risks, find known and unknown threats faster, achieve continuous cloud compliance, and work smarter–not harder–all from one unified platform. Learn more at Lacework.com.