Snyk Engineer on the Rift Between Developers, Security Teams

Snyk's Matt Mintzer Shares Why App Developers Need Security Tracks, Not Guardrails
Matt Mintzer, solutions engineer, Snyk

The traditional application development model that puts security checks at the end of the process creates needless friction that slows down organizations, says Snyk solutions engineer Matt Mintzer.

Mintzer urges application security specialists to build tracks rather than guardrails for the development team so they can move quickly rather than having to prepare for an accident that might happen after the fact. Developers often struggle with adopting an adversarial mindset, while security analysts or security engineers excel at thinking about configurations from the standpoint of a hacker (see: Synopsys, Checkmarx Top Gartner MQ for App Security Testing).

"Developers are often trained like they're building a sandcastle at the beach," Mintzer says. "Let everybody come in, and we'll build a wonderful app that'll change the world. But the problem is: It's a public beach, and anyone can come and kick in your sandcastle."

In this video interview with Information Security Media Group, Mintzer also discusses:

  • How to embed security into the build process;
  • Why fast feedback on code errors is important;
  • The most overlooked aspects of code security.

Mintzer joined Snyk in his current role in April after nearly four years at Fullstack Academy, where he worked his way up to lead cybersecurity instructor. His experience covers modern web development, general scripting and automation, web application/API security, Linux and Windows operating systems, cloud computing and networking, and threat modeling. Mintzer has a proven ability to convey extremely technical concepts to audiences with varying technical prowess.

About the Author

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.
