
Advancing AppSec With AI: A Conversation With Akira Brand
In this episode of The Secure Developer, Danny Allan, CTO of Snyk Security, speaks with Akira Brand, AVP of Application Security at PRA Group. Akira shares her unique journey from opera and classical music to cybersecurity and discusses the importance of collaboration and culture in advancing application security (AppSec). Akira emphasizes that application security is primarily a customer service role, where the customers are software engineers. She stresses the importance of understanding what software engineers want, including working in their own environments and learning more about their craft. Akira has implemented monthly "lunch and learn" sessions to educate engineers on best security practices, which have been very well received.
The discussion also addresses the impact of artificial intelligence (AI) on application security. Akira and Danny agree that fundamental security issues, such as input validation and authentication, remain the same despite evolving infrastructures. They discuss the importance of creating secure-by-default development frameworks and tools to reduce vulnerabilities. Akira expresses her frustration with the rapid pace at which AI is evolving, making it difficult to update security policies and procedures. She advocates for a more flexible and iterative approach to adopting AI. Danny and Akira also discuss the importance of incident response and forensics in understanding and preventing future security incidents.
The conversation turns to the future of application security with AI. Akira is enthusiastic about using AI to teach security practices and for automated code reviews. However, she emphasizes the need for contextual solutions that do not compromise proprietary code. Danny mentions retrieval-augmented generation (RAG) as a potential solution for keeping sensitive data in-house while using AI for correction suggestions.
Finally, Akira and Danny discuss exciting trends in the industry, including increased research on modern web application security and microservices. They speculate on the future of AI in software development and security, and the possibility of full automation in these areas. To learn more, listen to the full episode at the following address: https://snyk.io/podcasts/the-secure-developer/advancing-appsec-with-ai-with-akira-brand/