Software at Scale 24 - Devdatta Akhawe: Head of Security, Figma

Devdatta Akhawe is the Head of Security at Figma. Previously, he was Director of Security Engineering at Dropbox, where he led multiple teams on product security and abuse prevention.Apple Podcasts | Spotify | Google PodcastsIn this episode, we discuss security for startups, as well as dive deep into some interesting new developments in the security realm like WebAuthn and BeyondCorp. We wrap things up with slightly philosophical points on the relationship between security and regulation.Highlights0:00 - What got Dev interested in computer security?4:00 - Security for a startup. What framework should a CTO use to think about security as their startup gets its first customer?7:30 - Trends in the security space. Increasing customer demand for security due to the multi-tenant nature of the cloud. Lateral movement attacks.12:45 - BeyondCorp. “There’s BeyondCorp, and YOLO NoCorp”. NIST’s paper on it.25:00 - How should I think about a Bug Bounty program as a startup founder? - Having a good “Vulnerability Disclosure Policy” is an extremely valuable first step26:30 - Why would anyone report bugs if they weren’t being paid for them?30:00 - Interesting security products that companies might want to buy :)34:30 - What is WebAuthn?39:00 - How security and usability shouldn't be a trade-off43:00 - Security regulations47:00 - A repeat question - as a startup, what should I do to keep myself secure? This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.softwareatscale.dev