In our first episode of Security Nation Season 5, Jen and Tod chat with Mike Hanley, Chief Security Officer at GitHub, all about the major vulnerability in Apache’s Log4j logging library (aka Log4Shell). Mike talks about the ins and outs of GitHub’s response to this blockbuster vulnerability and what could have helped the industry deal with an issue of this massive scope more effectively (hint: he drops the SBOM). They also touch on GitHub's updated policy on the sharing of exploits.
Stick around for our Rapid Rundown, where Tod and Jen talk about Microsoft’s release of emergency fixes for Windows Server and VPN over Martin Luther King Day weekend.
Mike Hanley is the Chief Security Officer at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo’s acquisition by Cisco for $2.35 billion in 2018, Mike led the transformation of Cisco’s cloud security framework and later served as CISO for the company. Mike also spent several years at CERT/CC as a Senior Member of the Technical Staff and security researcher focused on applied R&D programs for the US Department of Defense and the Intelligence Community.
When he’s not talking about security at GitHub, Mike can be found enjoying Ann Arbor, MI with his wife and seven kids.
Interview links
Read GitHub’s blog on the Log4j vulnerability, and the follow-up.
Check out GitHub’s Dependabot.
Find out