• CSNP

Inside AppSec Podcast: The Intersection Between Cloud Security and Application Security


Black background with Green and white text. Person talking into microphone

Jimmy Xu began working in information security in the military and then with the Department of Defense. After transitioning to the private sector, he now serves as Director of DevSecOps and Cloud Security at technology integrator and consultancy Trace3. As specialists in emerging technology, Trace3’s work has naturally expanded into areas such as the cloud and AI to help customers prepare for the next digital wave that’s coming their way.


Early on, the cloud was about defining the shared responsibility model, establishing a governance framework, and enabling the various “as-a-service” models. But today, most conversations are about cloud-native applications—breaking applications down into cloud-based components and leveraging things like microservices and serverless development. And all of this requires a re-think of application security—going beyond traditional means that can no longer offer the same protection.


Much of what’s happening in the cloud today leads to application development. And as developers embrace initiatives like DevOps environments to modernize their development of cloud-native applications, their understanding of security must also evolve. Moving to the cloud makes things easier, as organizations can spin up infrastructure for greater speed and scale. But this is also where traditional AppSec processes and tooling fail to keep pace with DevOps. Get these and other details by listening to this Inside AppSec podcast interview with Jimmy Xu.


This post is sponsored by Contrast Security

20 views0 comments