#138 - Building Application Security Program - Derek Fisher
Episode Synopsis
“Building an application security program is about ensuring security is built into the software development lifecycle and how to respond to vulnerabilities.”
Derek Fisher is the author of “Application Security Program Handbook”. In this episode, Derek shared how to build an application security program and implement it in your organization. First, we discussed some fundamental security concepts, such as shift-left, the CIA triad, and threat modeling. Derek then outlined how to start an application security program and how to measure its success. He also touched on the security program maturity model and gave his tips on building and hiring application security teams. Towards the end, Derek gave his insights on how to respond to a zero-day vulnerability once it becomes widely known.
Listen out for:
Career Journey - [00:03:51]
Building Application Security Program - [00:06:56]
Shifting Left - [00:11:58]
CIA Triad - [00:16:30]
Threat Modeling - [00:19:04]
Threat Classification - [00:22:49]
Starting Application Security Program - [00:27:04]
Security Program Maturity Model - [00:32:45]
Building Security Teams - [00:35:27]
Measuring the Program’s Success - [00:40:19]
Zero Day Vulnerabilities - [00:42:48]
3 Tech Lead Wisdom - [00:44:59]
_____
Derek Fisher’s Bio
Derek is an award-winning author of a children’s book series in cybersecurity as well as the author of “Application Security Program Handbook.” He is a university instructor at Temple University where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organization’s risk. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.
Follow Derek Fisher:
LinkedIn – linkedin.com/in/derek-fisher-sec-arch
YouTube – @securelybuilt5967
Website – securelybuilt.com
_____
Our Sponsors
Are you looking for some cool new swag? Tech Lead Journal now offers swag that you can purchase online. It is printed on demand based on your preferences and delivered safely to you anywhere in the world where shipping is available. Check out all the cool swag available by visiting techleadjournal.dev/shop. And don't forget to brag about it once your swag arrives.
Like this episode?
Show notes & transcript: techleadjournal.dev/episodes/138
Follow @techleadjournal on LinkedIn, Twitter, and Instagram.
Buy me a coffee or become a patron.