Nexus Innovator: Bryan Batty of Bloomberg Industry Group, Part 3
Editor’s note: This is Part Three of a four part series, talking with Bryan Batty, Director of Product and Infrastructure Security at Bloomberg Industry Group. In Part Two, Bryan shared his thoughts on pipelines and SBOMs. In this section, Bryan discusses ongoing experiments and how to measure successful initiatives.
“If we are able to get those numbers down, then eventually there will be less time we actually spend remediating security and more time building security into the application.” — Bryan Batty
Learning From Surprises
Mark Miller:
What did you learn recently that surprised you?
Bryan Batty:
Gosh. I had my first kid in 2019. So there are a lot of things where I said, “Whoa, I didn’t know they could do that!” But I assume this is scoped to technology. The Capital One hack surprised me. They are a leader in cloud adoption and they’re very good at security. Seeing that was a big shocker.
Mark Miller:
Did your team go back and look, based on that, and say, “Is going to affect us”?
Bryan Batty:
Oh, I think everybody who’s worth their salt has done that across all technology organizations. We’re looking at different encryption methods and we’re not very mature in the cloud just yet. We’re getting there. We’ve made great strides in the past year and a half.
The Capital One breach was early enough in our adoption where we could say, “Hey, we don’t have to go back and look at hundreds, or thousands and thousands, of S3 buckets and see what’s going on.” We’re building this now. So this is a good opportunity for us to look at our current practices.
Experimenting With Physical Proximity
Mark Miller:
What is your team working on this year? What do you hope (Read more...)
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Katie McCaskey. Read the original post at: https://blog.sonatype.com/nexus-innovator-bryan-batty-of-bloomberg-industry-group-part-3-of-4
