ELC

Building & leading a combined engineering & security org

with Mike Hanley

April 16, 2024

ABOUT MIKE HANLEY

Mike Hanley is the Chief Security Officer and SVP of Engineering at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo’s acquisition by Cisco for $2.35 billion in 2018, Mike led the transformation of Cisco’s cloud security framework and later served as CISO for the company. Mike also spent several years at CERT/CC as a Senior Member of the Technical Staff and security researcher focused on applied R&D programs for the US Department of Defense and the Intelligence Community.

When he’s not talking about security at GitHub, Mike can be found enjoying Ann Arbor, MI with his wife and eight kids.

“The idea that the security team is walled off or separate or not really connected, not just to engineering but the entirety of the business, you really can't have that. If you think about the pace of modern development, things are moving so quickly. It's so driven by software. The idea that you're like, ‘Hey, I got to walk down the hall and check in with somebody from security who has no idea what's going on in my roadmap, who has no idea what my day-to-day experience is living in engineering...’ That just doesn't work!”

- Mike Hanley


We now have 10 local communities of engineering leaders hosting in-person meetups all over the world!

Local communities are led by eng leaders just like you, who wanted to create a place to connect, share insights & tackle critical challenges in the job.

New York City, Boston, Chicago, Seattle, Los Angeles, San Diego, San Francisco, London, Amsterdam, and Toronto in-person events are happening now!

We’re launching local events all the time - get involved at elc.community!


SHOW NOTES:

  • GitHub’s convergence of the eng & security orgs (2:33)
  • Benefits of combining engineering & security org mandates (4:46)
  • How the security team is involved with the internal product dev lifecycle (8:05)
  • The downsides of engaging your security team as an afterthought (10:46)
  • What an early-stage yes/and product conversation looks like (12:48)
  • Examples of educating your eng team on security best practices (17:17)
  • Expanding two-factor authentication externally (19:29)
  • Stewarding security as a responsibility & value (21:59)
  • Security & safety implications for orgs using / building AI tools (23:44)
  • Why the rise of AI is a great time for eng / security collaboration (27:09)
  • How to leverage security best practices using AI tools (29:53)
  • Mike’s view that AI will create more opportunities & improve structural tech (32:14)
  • Frameworks for getting to “yes” when it comes to adopting AI tooling (35:15)
  • AI-powered tools GitHub is using to change workflows outside of eng & security (39:06)
  • Considerations pivoting toward combining eng & security functions (40:35)
  • Rapid fire questions (42:25)

LINKS AND RESOURCES

  • Why Johnny Can’t Encrypt - Alma Whitten and J. D. Tygar’s argument that effective security requires a different usability standard that is not achievable through the user interface techniques commonly found in consumer software.
  • The Space Trilogy - C.S. Lewis believed that popular science was the new mythology of his age, and in The Space Trilogy he ransacks the uncharted territory of space and makes that mythology the medium of his spiritual imagination.
  • The Works of Peter Drucker

This episode wouldn’t have been possible without the help of our incredible production team:

Patrick Gallagher - Producer & Co-Host

Jerry Li - Co-Host

Noah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/

Dan Overheim - Audio Engineer, Dan’s also an avid 3D printer - https://www.bnd3d.com/

Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/
