This episode features an interview with Frank Wang, Lead Security Engineer at Headway, a new mental healthcare system that works to remove historic barriers faced by mental health providers, payers, and patients. Previously, Frank served as staff security engineer and the first hire in that function at dbt Labs. He has also dabbled in venture capital and academia. He holds a PhD from MIT focused on security and cryptography and a B.S. in computer science from Stanford. And on this episode, Frank and host Tim Chase discuss the benefits of on prem versus cloud storage, why getting complete visibility of the cloud is unlikely, and why partnering with engineers is critical to successful cybersecurity.
This episode features an interview with Frank Wang, Lead Security Engineer at Headway, a new mental healthcare system that works to remove historic barriers faced by mental health providers, payers, and patients. Previously, Frank served as staff security engineer and the first hire in that function at dbt Labs. He has also dabbled in venture capital and academia. He holds a PhD from MIT focused on security and cryptography and a B.S. in computer science from Stanford. And on this episode, Frank and host Tim Chase discuss the benefits of on prem versus cloud storage, why getting complete visibility of the cloud is unlikely, and why partnering with engineers is critical to successful cybersecurity.
Key Quotes
*”People are challenging the idea that 100 percent cloud at scale works. Everything comes with a cost. And the cloud gives you elasticity. That's always what it's been for. If you don't know what your load is like, it doesn't make sense for you to buy infrastructure. That's a complete waste of resources. But if you know and have stable workloads, then it makes a ton of sense for you to put those workloads on prem just from a pure cost and engineering perspective. It's cheaper.”
*”We're never going to fully solve for visibility in the cloud. I think there's a number of reasons for it. AWS is coming out with new features. There's so many features you can't keep track of. What are developers doing? What new APIs are there? And so I think it's just much harder to keep track of all the changes that are happening in the cloud, let alone developers who are now using these. And then as your team expands, it compounds itself. So I think visibility is always going to be a pretty big problem. And then we have to just really decide at some point what matters most and what's the highest risk and what we really need visibility in. Because I don't think we're going to get complete visibility.”
*”You should focus on enablement instead of enforcement to start, which means like, ‘How do I enable people to have the best security practices in a sustainable way?’ And then push very hard until you exhaust all possible enablement and then go toward enforcement. That works better earlier on at a company.”
Time Stamps
[0:35] Introduction: Meet Frank Wang, Lead Security Engineer at Headway
[1:16] Problems with Cloud Security
[2:29] Visibility Problems in Cloud Security
[4:07] Improvements Needed in Cloud Security
[12:41] Cloud Security in the Business Context
[7:13] Shifting Back to Hybrid Infrastructure
[10:10] Building Trust as a Security Professional
[17:03] The Future of Cybersecurity
[21:17] Getting into the Cybersecurity Industry
[30:20] Addressing the Cybersecurity Shortage
Links
This podcast is brought to you by Lacework, the leading data-driven cloud-native application protection platform. Lacework is trusted by nearly 1,000 global innovators to secure the cloud from build to run. Lacework delivers true end-to-end protection, empowering customers to prioritize risks, find known and unknown threats faster, achieve continuous cloud compliance, and work smarter–not harder–all from one unified platform. Learn more at Lacework.com.