EP 30 — C.H. Robsinson’s Jason Espone on Building Business Resiliency Through Application Security

In this episode of the Future of Application Security, Harshil speaks with Jason Espone, Global Head — Application Security Engineering | Cybersecurity at C.H. Robinson, the world’s most powerful logistics platform allowing customers to ship goods around the world. They discuss the challenges of addressing tech debt at a 117-year-old company, strategies to manage a vast application portfolio, and the importance of being able to articulate risk to leadership. They also discuss how application security plays a part in business resiliency, and how to think about data-driven application security.

Topics discussed:

• Jason's career evolution, from starting as a Java developer, to moving to software configuration management at Motorola Labs, to building and scaling DevSecOps platforms, to becoming the Global Head of Application Security Engineering and Cybersecurity at C.H. Robinson.
• The challenges of application security at a 117-year-old company, including how to solve the tech debt that's accumulated over the organization's history.
• The importance of not only understanding the risk to your business, but being able to articulate that risk to leadership for better prioritization.
• Understanding the landscape of applications by building a portfolio of applications, ranking by risk and other factors, and using a tool like Backstage to manage and prioritize it all.
• How C.H. Robinson uses metrics to evaluate each product line and its security posture to create an overall risk score of the organization and improve business resiliency.
• Why it's important to have data drive your application security strategy.
• What the future of application security looks like, including how security will integrate AI, the rising importance of threat modeling, and why IAM is the future of security.