The Boring AppSec Podcast S2E02 - Dustin Lehr
The second episode of Season 2 is out now! In this episode, we chat with Dustin Lehr. Dustin is the Co-founder, Chief Product and Technology Officer at Katilyst. Dustin also co-founded and co-hosts the “Let’s Talk Software Security!” meetup (which has over 2,500 members). Dustin started his career as a graphic designer and made his way through a few software engineering roles until he landed at Staples. At Staples, he rose through the ranks from a Sr. Data Analytics Software Engineer to become the Head of Application Security. After that, he was the Director of AppSec and the Deputy CISO of Fivetran for ~3 years. Dustin believes that a security champions program can bring tremendous value to any security organization. He also has a website dedicated to the topic, with a ton of resources. You can learn more about it here. Below are some of the key takeaways from the episode.
Key Takeaways
- Security champions programs are crucial for fostering a security culture.
- Engagement and leadership support are key to program success.
- Measuring success can be challenging but is essential.
- Behavioral science plays a significant role in security engagement.
- Gamification can enhance training but must be used wisely.
- Curiosity can drive initial engagement but must be sustained.
- Training should be relevant and tailored to the audience.
- Creating empathy between teams improves security outcomes.
- Deep gamification focuses on understanding human drives.
- Starting a company is about helping others, not just profit.
- AI can augment human interactions but cannot replace them.
- Security teams should focus on providing value and support.
- Human connection is essential in cybersecurity.
- Community and collaboration are important in security efforts.
We hope you tune in and, if you like the episode, please do subscribe!