Try like consumer, buy like enterprise — 18 months of a B2B product led journey!
TL/DR — Doing a product led journey in B2B startup is building two products with money allocated to build one. In Oct of 2020, I wrote a blog describing our journey of building out a self serve product in code analysis space. Almost ...
Introducing “Attacker Reachability”: Reduce open-source vulnerability tickets by 90% or more.
Tl;dr; ShiftLeft is announcing Intelligent SCA that uses a four-step process to prioritize vulnerabilities that matter. ShiftLeft Intelligent SCA introduces the concept of “Attacker Reachability” to prioritize only a subset of OSS vulnerabilities for mitigation. Based on testing conducted against a ...
Rashomon Effect and Product Management
Historically, product managers have regularly come across different (and often conflicting) interpretations given to a singular event by the different participants of that event. This could be a user story discussion, a UX experiment or a sales event where one could have encountered how multiple stakeholders view the performance of ...
ShiftLeft Tales — Reducing PoV onboarding times from few weeks to less than 5 minutes!
The ShiftLeft Product/Engineering team's latest product re-design reduced our product demo & onboarding timelines from weeks to less than 5 minutes. We achieved this by some smart product design and some automation. Read on to learn more. If you want to experience ...
Podcast-Ep-2.1- ML, Automation & ShiftLeft at CapitalOne — A conversation with Vincent Weafer
Vincent Weafer, SVP Security Engineering at Capital One in a conversation with Alok Shukla, VP Product Management at ShiftLeft and host of this podcast. Vincent and Alok converse on a range of topics — security engineering and #shiftleft of security, security quality automation, ...
Podcast-Ep-7 #Shifting Left at Roblox — A conversation with Julie Tsai
This article was initially published here. A conversation with Julie Tsai on her initiative of #ShiftLeft at Roblox. Julie is the Head of Information Security at Roblox — a wildly successful online gaming company. Julie talks about the practice of Shifting Left in cybersecurity, centrality of ...
Podcast-Ep-9 — From Darkness to Light
In this episode of “Sources and Sinks”, a conversation with ShiftLeft’s lead security researcher — Niko Schmidt. Niko opens up on his process, what he sees as the key threats and how developers can improve their game to build more secure applications. As a fun addition, he tracks his journey ...
Podcast #ShiftLeft at Emirates Group — A conversation with Toufiq Ali
A conversation with Toufiq Ali — Principal Cybersecurity Engineer at Emirates Group on developer focused security initiatives at the Group. Toufiq delves into the need of integrating security into development pipelines, how security and software development teams created this partnership, and how ShiftLeft Inspect has ...
Secrets, Security Insights and APIs!
ShiftLeft Inspect can now detect “hardcoded secrets” (across all languages), and provide “security insights” into your JavaScript code. ShiftLeft Inspect has also released a new version of API (v4) to support notions of scans, apps, and export security insights and detected secrets for individual apps. Ability to ...
Inserting security in GitHub pull requests! — Part 2 (using GitHub Actions)
This post builds on a previous post about inserting code analysis into GitHub pull requests. In this post, we will focus on implementing this workflow based on GitHub Actions for a Java project — “actual code snippets and video to follow”. We ...