Snyk Engineer on the Rift Between Developers, Security Teams
Snyk's Matt Mintzer Shares Why App Developers Need Security Tracks, Not Guardrails
The traditional application development model that puts security checks at the end of the process creates needless friction that slows down organizations, says Snyk solutions engineer Matt Mintzer.
Mintzer urges application security specialists to build tracks rather than guardrails for the development team so they can move quickly rather than having to prepare for an accident that might happen after the fact. Developers often struggle with adopting an adversarial mindset, while security analysts or security engineers excel at thinking about configurations from the standpoint of a hacker (see: Synopsys, Checkmarx Top Gartner MQ for App Security Testing).
"Developers are often trained like they're building a sandcastle at the beach," Mintzer says. "Let everybody come in, and we'll build a wonderful app that'll change the world. But the problem is: It's a public beach, and anyone can come and kick in your sandcastle."
In this video interview with Information Security Media Group, Mintzer also discusses:
- How to embed security into the build process;
- Why fast feedback on code errors is important;
- The most overlooked aspects of code security.
Mintzer joined Snyk in his current role in April after nearly four years at Fullstack Academy, where he worked his way up to lead cybersecurity instructor. His experience covers modern web development, general scripting and automation, web application/API security, Linux and Windows operating systems, cloud computing and networking, and threat modeling. Mintzer has a proven ability to convey extremely technical concepts to audiences with varying technical prowess.