All links and images for this episode can be found on CISO Series Developers and security professionals have been heavily sold on the concept of "shift left" or deal with security issues early in development rather bolting it on at the end. It all made logical sense, but now we've been doing it for a few years and has shift-left actually reduced application security concerns? Check out this post, this post, and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Mike Gorman (@gormamic), head of security and compliance, NetFoundry. Thanks to our podcast sponsor, Netfoundry NetFoundry, built on OpenZiti, is the only solution purpose-built to connect massively distributed apps, edges, clouds and devices in minutes, ensuring zero trust of the internet, local and OS host network and delivered as SaaS. Isolating the app to make network security irrelevant and remove the pain of public DNS, VPNs, bastions, as well as complex firewall rules. In this episode: We look at dealing with security issues early in development rather than bolting it on at the end. We ask whether or not application developers and security professionals are actually reducing security issues with "shift left” framework. And do they actually reduce or even eliminate the need for other security controls?