AiThority Interview with Mike Hanley, CSO at GitHub
Hi Mike, please tell us about your current role and how you arrived at GitHub.
GitHub has always been leading the way in helping developers create secure software — from our early adoption of bug bounties, to the acquisitions of Dependabot and Semmle, the launch of the Security Lab, and more. I’ve joined as CSO to continue driving security both inside GitHub and for developers on the platform.
What is the biggest source of inspiration to join Open Source?
GitHub is where software development happens. So much of the world’s development happens on GitHub that security is not just an opportunity for us, but a responsibility. The capabilities we’re making available to developers like code scanning, secret scanning, dependency review, and others are the ways that we’re helping enable the developer community to secure the software, much of it open source, that powers the world.
Tell us more about your remote workplace technology stack and how you see it replacing traditional communication tools like emails and messengers. How did these tools help you through the pandemic?
GitHub was created for developers by developers — built to embody everything a developer needs and represents. And at GitHub, we are committed to leading the way in what we believe is the most productive and inclusive environment. For our employees, this means prioritizing employee belonging and remote work. GitHub has distributed work engrained in its DNA and has continued to evolve best practices that benefit employee flexibility. What I value the most about remote work at GitHub is that we’re a global team and a global product.
What is the future roadmap for a programming-centric platform like GitHub? Where do you see yourself as a GitHub CSO in the next 2 years?
We’ve got aggressive plans to double down on our leadership, investment, and commitment to helping developers everywhere build secure and trustworthy software on GitHub. We’re fully committed to making sure GitHub continues to be the most trustworthy home for developers, ecosystems, communities, and teams to come together and create. With 56M+ developers on the platform and many more still with upstream dependencies on GitHub, there’s tremendous opportunity to enable and partner with developers to raise the bar for software security across the entire ecosystem.
How conniving are the current security attacks? What measures should companies take to safeguard their digital resources?
Focusing on the security of the software supply chain is critical with the major trend we’re seeing to “shift left” our security investments. Investments earlier in the software development lifecycle, and arming developers with features like code scanning that can help them prevent a vulnerability from ever escaping into production code, can help avoid massive impact and expense managing the fallout of vulnerabilities that are discovered — in many cases, years after they’re shipped.
How do security benchmarks in the cloud align with those of open source/DevOps communities?
Secure coding standards, like cloud best practices and benchmarks, do exist in many places. The challenge, though, is how to best get the standards, tips, and best practices in the right place for developers to action them. That’s where focusing on the developer experience of security, making it simple to meet the benchmarks and standards, is critical.
A piece of advice to every CIO/CISO leveraging an open source tool like GitHub:
I’ve made heavy use of open source projects to secure every team I’ve ever been a part of. Get involved where you can with the community and discover what’s out there. There are many great projects powering your favorite products and services, and there may be opportunities to not only sponsor the work that’s happening there but discover other exciting projects that can help your teams run faster.
Thank you, Mike! That was fun and we hope to see you back on AiThority.com soon.
Mike Hanley is the Chief Security Officer at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo’s acquisition by Cisco for $2.35 billion in 2018, Mike led the transformation of Cisco’s cloud security framework and later served as CISO for the company. Mike also spent several years at CERT/CC as a Senior Member of the Technical Staff and security researcher focused on applied R&D programs for the US Department of Defense and the Intelligence Community.
GitHub is the developer company. As the home to more than 56 million developers from across the globe, GitHub is where developers can create, share, and ship the best code possible. GitHub makes it easier to work together, solve challenging problems, and create the world’s most important technologies.