EP 28 — Injecting Better Security into Products and Processes with Dremio’s Emre Saglam

In this episode of the Future of Application Security, Harshil speaks with Emre Saglam, Head of Security and Compliance at Dremio, a data lakehouse that empowers data engineers and analysts with easy-to-use self-service SQL analytics. They discuss the current state of AppSec, including how to improve security by prioritizing business implications, using frameworks, and having tools "closer to the ground." They also talk about how to structure security teams, how much time you should spend with product teams, what skills are needed for future success, and more.

Topics discussed:

• Emre's career evolution in security, from breaking into mailboxes as a kid growing up in Turkey, to starting a Linux group in the 1990s, to working at places like World Bank and Salesforce before becoming the Head of Security and Compliance at Dremio.
• The current challenges of Product Security, including the need for bigger companies to create ways to glue together their disconnections, and why security teams need to prioritize overall business implications and impact.
• How security is improving through the use of frameworks and tools that are "closer to the ground," making security easier to scale.
• Why security teams should adopt strategies like injecting security across each phase of product development, and why security teams should spend more time with the product team.
• How to structure security teams in terms of which skills to hire, how much time to dedicate to the product side, how to keep up morale and motivation, and how to align teams to create secure products for customers.
• How security teams can bring attention to areas where they may need more resources, planning, or prioritization, and why alignment with leadership is key.
• Why curiosity, questioning intention, being firm, having a Plan B, and good communication are skills that security team members must acquire in order to be successful.
• Why the future of product security will be better correlation, deduplication, and few false positives, and how AI will contribute to being able to write better code.