Software at Scale 24 - Devdatta Akhawe: Head of Security, Figma
Devdatta Akhawe is the Head of Security at Figma. Previously, he was Director of Security Engineering at Dropbox, where he led multiple teams on product security and abuse prevention.
In this episode, we discuss security for startups, as well as dive deep into some interesting new developments in the security realm like WebAuthn and BeyondCorp. We wrap things up with slightly philosophical points on the relationship between security and regulation.
0:00 - What got Dev interested in computer security?
4:00 - Security for a startup. What framework should a CTO use to think about security as their startup gets its first customer?
7:30 - Trends in the security space. Increasing customer demand for security due to the multi-tenant nature of the cloud. Lateral movement attacks.
12:45 - BeyondCorp. “There’s BeyondCorp, and YOLO NoCorp”. NIST’s paper on it.
25:00 - How should I think about a Bug Bounty program as a startup founder? - Having a good “Vulnerability Disclosure Policy” is an extremely valuable first step
26:30 - Why would anyone report bugs if they weren’t being paid for them?
30:00 - Interesting security products that companies might want to buy :)
34:30 - What is WebAuthn?
39:00 - How security and usability shouldn't be a trade-off
43:00 - Security regulations
47:00 - A repeat question - as a startup, what should I do to keep myself secure?