Episode Summary

In this episode of Secured, host Cole Cornford chats with Neha Malik, Head of Product Security at REA Group, about building and scaling effective application security (AppSec) programs. They delve into the importance of empathy, communication, and relationship-building between security teams and developers. Neha shares her journey from a Microsoft graduate program, through external consulting at KPMG, and into her current leadership role. They discuss making security easy for engineers, managing security champions programs with realistic expectations, and learning from other disciplines—like psychology and marketing—to better influence and engage stakeholders. Neha and Cole also highlight how tailoring approach and tooling can differ for startups and large enterprises, and emphasise that collaboration, not confrontation, leads to long-term AppSec success.

Timestamps

00:20 - Neha’s Role at REA Group and Positive AppSec Outcomes

01:30 - Starting a Career in Security at Microsoft’s Grad Program

05:45 - Building an AppSec Program from Scratch at REA

10:00 - Startups: Embedding Security in Tools Over Heavy Process

14:40 - Security Champions Programs: Value, Expectations, and Incentives

20:25 - Learning from Other Disciplines (e.g., Psychology) to Influence Teams

Mentioned in this episode:

Call for Feedback