🎧 Interview with the BISA association on information security risks and secure development
Greetings,
I dug up an old but still relevant interview with the BISA association @bisafm about secure software development, information security risks, and how to make all of this work together.
Watching this interview now, you realise that, in general, little has changed; we are only moving into more complex territory, which is a pleasure in itself.
Three years have passed, but the questions are still the same:
How do you build security into development without burying time-to-market (TTM), and why does the business need this DevSecOps at all?
What did they talk about
- Who DevSecOps engineers are, and why "Sec" is not a tool but a culture
- How to build an SDLC in which security does not get in the way of releases
- Why a bank needs a Quality Gate and how it reduces risks before code reaches production (hello to my great colleagues from Rosbank, we built things together)
- How risk management actually relates to secure development
- What the limitations and assumptions of a business-oriented approach to information security risks are
- How and why this whole story is needed at all; we also touched a little on the regulator (at that time a favourite topic, treated as a must-have)
- Why Shift-Left is not a slogan but a way to save time and money
Why it's worth watching
If you work with products or security, or simply want to understand how bank-level companies build a DevSecOps approach, the interview will give you a clear picture.
No PR, no scary words, just real experience.
Timestamps:
▪️00:35 - What is DevOps
▪️1:50 - DevSecOps as a secure software development process
▪️3:15 - How risk management is related to the development of secure software
▪️6:52 - What benefits does the implementation of secure software development and its interaction with risk management give to a bank?
▪️8:59 - What risks of the bank and clients are reduced with this approach
▪️10:20 - What advantages does this give to development teams?
▪️11:59 - How the maturity of the implementation of these processes in teams is assessed
▪️12:30 - Why Rosbank decided to implement a secure software development process
🎬 YouTube
In summary: it is useful to hear how information security works in different industries. When people say that the regulator sets the conditions and everyone in fintech is forced to comply with them, what we actually see is what we, as a business, most need in order to protect our clients. Put simply, the regulator makes you think about your customers. Something like that.
#podcast #devsecops #appsec #compliance #pmi #gost
