x

75% of people globally want unbiased news (Pew Research) but are concerned they're not getting that.

Get balanced coverage with Symby. See how stories are covered across diverse outlets and spot when one side covers a story the other skips.

PODCAST

The Application Security Podcast

Chris Romeo and Robert Hurlbut

Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal

technology tech news

All Episodes

50:20

Matin Mavaddat - Understanding Security as a Systemic...

The Application Security Podcast ·

2024/11/12

Matin Mavaddat discusses his perspective on security as a systemic concern, developed from his background in requirements engineering and systems architecture. He introduces the concept of "anti-requirements" - defining what a system should not do - and distinguishes between "syntactic security" (addressing technical vulnerabilities that are always incorrect) and "semantic security" (context-dependent security emerging from system interactions). Mavaddat shares his perspective that security i...

en-us

32:46

Kayra Otaner -- DevSecOps

The Application Security Podcast ·

2024/10/29

Kayra Otaner joins the podcast today to discuss DevSecOps and answer the question, is it dead? Kayra is the Director of DevSecOps at Roche and is highly involved in the DevSecOps community. Kayra states that DevSecOps in its traditional form is “dead” and that each organization should approach its needs based on their size. Otaner introduces the concept of "security as code" and "policy as code" as more effective approaches, where security functions are codified rather than relying on traditi...

en-us

45:31

François Proulx - Arbitrary Code Execution 0-day in...

The Application Security Podcast ·

2024/10/22

François Proulx shares his discovery of security vulnerabilities in build pipelines. Francois has found that attackers can exploit this often overlooked side of the software supply chain. To help address this, his team developed an open source scanner called Poutine that can identify vulnerable build pipelines at scale and provide remediation guidance. Francois has over 10 years of experience in building application security programs, he’s also the founder of the NorthSec conference in Montre...

en-us

36:32

Steve Wilson -- The Developer's Playbook for Large...

The Application Security Podcast ·

2024/10/01

Join hosts Chris Romeo and Robert Hurlbut on the Application Security Podcast as they welcome back Steve Wilson, author of 'The Developer's Playbook for Large Language Model Security.' In this episode, they dive into critical topics such as AI hallucinations, trust, and the future of AI. Steve shares insights from his book, discusses the biggest fears surrounding AI and LLMs. He also provides practical advice on security boundaries, LLM-specific security testing tools, and the evolving landsc...

en-us

51:28

Jeff Williams -- Application Detection & Response (ADR)

The Application Security Podcast ·

2024/09/24

Join us in this week’s episode of the Application Security Podcast where we sit down with Jeff Williams, a renowned pioneer in the field of application security. Jeff discusses ADR (Application Detection and Response), detailing its potential to revolutionize security in production environments. Listen as he shares stories from his career, including the founding of OWASP and his take on security assurance. Whether you're new to AppSec or a seasoned expert, this conversation offers valuable pe...

en-us

52:08

Phillip Wylie -- Pen Testing from Somebody who Knows...

The Application Security Podcast ·

2024/09/17

Join Robert and Chris Romeo as they dive into the world of pen testing with their guest Philip Wiley. In this episode, Philip shares his unique journey from professional wrestling to being a renowned pen tester. Hear some great stories from his wrestling days, in-depth discussions on application security, and good advice on starting a career in cybersecurity. Whether you're interested in pen testing techniques, learning about security origin stories, or gaining insights into career developmen...

en-us

48:13

Steve Springett -- Software and System Transparency

The Application Security Podcast ·

2024/08/29

In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut welcome back Steve Springett, an expert in secure software development and a key figure in several OWASP projects. Steve unpacks CycloneDX and the value proposition of various BOMs. He gives us a rundown of the BOM landscape and unveils some new BOM projects that will continue to unify the security industry. Steve is a seasoned guest of the show so we learn a bit more about Steve's hobbies, providing a p...

en-us

40:14

Irfaan Santoe -- The Power of Strategy in AppSec

The Application Security Podcast ·

2024/07/31

Join Irfaan Santoe and hosts Chris Romeo and Robert Hurlbut for an in-depth discussion on the maturity and strategy of Application Security programs. They delve into measuring AppSec maturity, return on investment, and communicating technical needs to business leaders. Irfaan shares his unique journey from consulting to becoming an AppSec professional, and addresses the gaps between CISOs and AppSec knowledge. This episode provides valuable insights for scaling AppSec programs and aligning th...

en-us

51:51

Andrew Van Der Stock -- The New OWASP Top Ten

The Application Security Podcast ·

2024/07/23

Join Chris Romeo and Robert Hurlbut as they sit down with Andrew Van Der Stok, a leading web application security specialist and executive director at OWASP. In this episode, Andrew discusses the latest with the OWASP Top 10 Project, the importance of data collection, and the need for developer engagement. Learn about the methodology behind building the OWASP Top 10, the significance of framework security, and much more. Tune in to get vital insights that could shape the future of web applica...

en-us

61:45

Derek Fisher -- Hiring in Cyber/AppSec

The Application Security Podcast ·

2024/07/16

In this episode of the Application Security Podcast, Chris Romeo and Robert Hurlbut welcome back Derek Fisher, an expert in hardware, software, and cybersecurity with over 25 years of experience. Derek shares his advice on cybersecurity hiring, specifically in application security, and dives into the challenges of entry-level roles in the industry. The discussion also explores the value of certifications, the necessity of lifelong learning, and the importance of networking. Tune in for valuab...

en-us

64:50

Tanya Janca -- Secure Guardrails

The Application Security Podcast ·

2024/07/09

Join us for a conversation with Tanya Janka, also known as SheHacksPurple, as she discusses secure guardrails, the difference between guardrails and paved roads, and how to implement both in application security. Tanya, an award-winning public speaker and head of education at SEMGREP, shares her insights on creating secure software and teaching developers. Tanya also shares with us about her hobby farm and love for gardening. Mentioned in this episode:Tanya Janca – What Secure Codi...

en-us

49:44

Jahanzeb Farooq -- Launching and executing an AppSec...

The Application Security Podcast ·

2024/07/02

In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut are joined by Jahanzeb Farooq to discuss his journey in cybersecurity and the challenges of building AppSec programs from scratch. Jahanzeb shares his experience working in various industries, including Siemens, Novo Nordisk, and Danske Bank, highlighting the importance of understanding developer needs and implementing the right tools. The conversation covers the complexities of cybersecurity in the...

en-us

56:54

David Quisenberry -- Building Security, People, and...

The Application Security Podcast ·

2024/06/18

In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut engage in a deep discussion with guest David Quisenberry about various aspects of application security. They cover David's journey into the security world, insights on building AppSec programs in small to mid-sized companies, and the importance of data-driven decision-making. The conversation also delves into the value of mentoring, the vital role of trust with engineering teams, and the significanc...

en-us

46:14

Matt Rose -- Software Supply Chain Security Means...

The Application Security Podcast ·

2024/06/11

In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut welcome Matt Rose, an experienced technical AppSec testing leader. Matt discusses his career journey and significant contributions in AppSec. The conversation delves into the nuances of software supply chain security, exploring how different perceptions affect its understanding. Matt provides insights into the XZ compromise, critiques the buzzword 'shift left,' and discusses the role of digital twins and...

en-us

44:56

James Berthoty -- Is DAST Dead? And the future of API...

The Application Security Podcast ·

2024/05/31

In this episode of the Application Security Podcast, host Chris Romeo welcomes James Berthoty, a cloud security engineer with a diverse IT background, to discuss his journey into application and product security. The conversation spans James's career trajectory from IT operations to cloud security, his experiences with security tools like Snyk and StackHawk, and the evolving landscape of Dynamic Application Security Testing (DAST) and API security. They delve into the practical challenge...

en-us

42:32

Mark Curphey and Simon Bennetts -- Riding the Coat...

The Application Security Podcast ·

2024/05/21

Mark Curphey and Simon Bennetts, join Chris on the podcast to discuss the challenges of funding and sustaining major open source security projects like ZAP. Curphey shares about going fully independent and building a non-profit sustainable model for ZAP. The key is getting companies in the industry, especially companies commercializing ZAP, to properly fund its ongoing development and maintenance.Bennetts, who has led ZAP for over 15 years, shares the harsh reality that while ZAP is like...

en-us

35:57

Devin Rudnicki -- Expanding AppSec

The Application Security Podcast ·

2024/05/14

Devon Rudnicki, the Chief Information Security Officer at Fitch Group, shares her journey of developing an application security program from scratch and advancing to the CISO role. She emphasizes the importance of collaboration, understanding the organization's business, and using metrics to drive positive change in the security program.Elon Musk - Walter IsaacsonSteve Jobs - Walter IsaacsonThe Code Breaker: Jennifer Doudna, Gene Editing, and the Future of the Human Race - Walter Isaacsonhttp...

en-us

45:10

Dustin Lehr -- Culture Change through Champions and...

The Application Security Podcast ·

2024/04/16

en-us

38:11

Francesco Cipollone -- Application Security Posture...

The Application Security Podcast ·

2024/04/09

en-us

46:32

Mukund Sarma -- Developer Tools that Solve Security...

The Application Security Podcast ·

2024/04/02

en-us

296 results

Similar Podcasts

Lead With AI

Tamara Nall

Linux in the Ham Shack

Black Sparrow Media

Data Engineering Podcast

Tobias Macey

Eye On A.I.

Craig S. Smith

Reflections

Livewire Labs