DevSec For Scale Podcast – Shift-Left Product Security w/ Neatsun Ziv, Ox Security

In this episode of the “DevSec for Scale” podcast, Jeremy Hess welcomes Neatsun Ziv, co-founder and CEO of Ox Security. They discuss the challenges startups face in implementing product security and the critical role penetration testing plays in revealing vulnerabilities. Neatsun shares that the initial penetration test often serves as a wake-up call for startups, highlighting the discrepancies between their perceived security posture and actual vulnerabilities. He emphasizes the importance of integrating security measures from the beginning to avoid significant issues later.

Neatsun, who spent over a decade at Check Point as Vice President for Cyber Security, explains that startups typically struggle with product security due to the lack of dedicated security personnel in the early stages. This task often falls on the engineering team, leading to ad hoc and incomplete security measures. As startups grow, they might integrate basic security tools like static code analysis and software composition analysis, but a comprehensive security program often isn’t established until much later. Neatsun notes that even larger organizations face challenges, although they may have more resources to address them.

The discussion also touches on how Ox Security aims to streamline product security by automating processes and integrating security into the CI/CD pipeline. Neatsun explains that their platform helps startups manage security without requiring extensive resources or specialized personnel. He advocates for establishing a solid security framework early on, focusing on secure design and basic vulnerability checks. By doing so, startups can build a robust security foundation, minimizing the need for costly and time-consuming refactoring later. The episode concludes with practical tips for improving developer security, such as conducting design reviews and leveraging free or low-cost security tools to address basic vulnerabilities.