EP 60 - Appian’s Abdullah Munawar on Enhancing Product Security Amid Evolving Development Trends

In this episode of the Future of Application Security podcast, Harshil speaks with Abdullah Munawar, Director of Product Security at Appian. Abdullah shares valuable insights into his journey from security assessments and consulting to leading product security efforts, discussing the evolving challenges and strategies for building effective security programs in modern development environments.

He discussed the importance of evolving security practices beyond identification to implementation within organizations, including the need for a holistic approach to product security and focusing on high-priority vulnerabilities. Abdullah also explains the challenges of maintaining data quality in AI companies.

Topics discussed:

• The transition from consulting to in-house product security and the importance of hands-on experience in understanding the challenges of implementing security fixes and mechanisms.
• Defining the scope of product security in the context of decentralized development practices and the shift towards "you build it, you manage it" approaches.
• The changing role and structure of product security teams to address the full stack of security concerns, from architecture and automation to traditional AppSec tasks.
• Strategies for driving remediation and adoption of security practices, including leadership buy-in, targeted automation, and empathy-building initiatives like security champion programs.
• Emerging challenges in product security related to AI and data management, such as data poisoning, segregation, and unintended leakage.