In this episode of the Modern Security Podcast, we interviewed John Steven about scaling security teams and implementing secure by default culture.

6:23 - Intro to John Steven
9:28 - Interesting efforts with AppSec & ProdSec to scale security
10:20 - How to embrace secure defaults
24:01 - Threat Modeling problems
43:02 - Secure Control Efficacy Pyramid
58:50 - Overcoming secure default friction
1:04:12 - Advice for CISOs and startups

--------------
Semgrep is a code security solution that enables organizations to scale their security programs quickly and easily.

Try Semgrep today: https://go.semgrep.dev/3WsqVpT