))
A podcast about Application Security DevSecOps and AppScan. Twice a month, we aim to bring you some technical insights, assorted facts and the latest news from the world of HCL AppScan. Our underlying mission is to deliver continuous application security to the masses.
…
continue reading
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Prin ...
…
continue reading
1
Irfaan Santoe -- The Power of Strategy in AppSec
40:14
40:14
Play later
Play later
Lists
Like
Liked
40:14
Join Irfaan Santoe and hosts Chris Romeo and Robert Hurlbut for an in-depth discussion on the maturity and strategy of Application Security programs. They delve into measuring AppSec maturity, return on investment, and communicating technical needs to business leaders. Irfaan shares his unique journey from consulting to becoming an AppSec professio…
…
continue reading
1
Andrew Van Der Stock -- The New OWASP Top Ten
51:51
51:51
Play later
Play later
Lists
Like
Liked
51:51
Join Chris Romeo and Robert Hurlbut as they sit down with Andrew Van Der Stok, a leading web application security specialist and executive director at OWASP. In this episode, Andrew discusses the latest with the OWASP Top 10 Project, the importance of data collection, and the need for developer engagement. Learn about the methodology behind buildin…
…
continue reading
1
Derek Fisher -- Hiring in Cyber/AppSec
1:01:45
1:01:45
Play later
Play later
Lists
Like
Liked
1:01:45
In this episode of the Application Security Podcast, Chris Romeo and Robert Hurlbut welcome back Derek Fisher, an expert in hardware, software, and cybersecurity with over 25 years of experience. Derek shares his advice on cybersecurity hiring, specifically in application security, and dives into the challenges of entry-level roles in the industry.…
…
continue reading
Join us for a conversation with Tanya Janka, also known as SheHacksPurple, as she discusses secure guardrails, the difference between guardrails and paved roads, and how to implement both in application security. Tanya, an award-winning public speaker and head of education at SEMGREP, shares her insights on creating secure software and teaching dev…
…
continue reading
1
Jahanzeb Farooq -- Launching and executing an AppSec program
49:44
49:44
Play later
Play later
Lists
Like
Liked
49:44
In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut are joined by Jahanzeb Farooq to discuss his journey in cybersecurity and the challenges of building AppSec programs from scratch. Jahanzeb shares his experience working in various industries, including Siemens, Novo Nordisk, and Danske Bank, highlighting the …
…
continue reading
1
David Quisenberry -- Building Security, People, and Programs
56:54
56:54
Play later
Play later
Lists
Like
Liked
56:54
In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut engage in a deep discussion with guest David Quisenberry about various aspects of application security. They cover David's journey into the security world, insights on building AppSec programs in small to mid-sized companies, and the importance of data-driven …
…
continue reading
1
Matt Rose -- Software Supply Chain Security Means Many Different Things to Different People
46:14
46:14
Play later
Play later
Lists
Like
Liked
46:14
In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut welcome Matt Rose, an experienced technical AppSec testing leader. Matt discusses his career journey and significant contributions in AppSec. The conversation delves into the nuances of software supply chain security, exploring how different perceptions affect…
…
continue reading
1
James Berthoty -- Is DAST Dead? And the future of API security
44:56
44:56
Play later
Play later
Lists
Like
Liked
44:56
In this episode of the Application Security Podcast, host Chris Romeo welcomes James Berthoty, a cloud security engineer with a diverse IT background, to discuss his journey into application and product security. The conversation spans James's career trajectory from IT operations to cloud security, his experiences with security tools like Snyk and …
…
continue reading
1
S5EP3 - Security in the Developer Experience with Tanya Janca and New Words for 2024.
1:06:31
1:06:31
Play later
Play later
Lists
Like
Liked
1:06:31
Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session. In this weeks episode our special guest is Tanya Janca who is helping the team discuss all things Security in the Devlopment space. Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. S…
…
continue reading
1
Mark Curphey and Simon Bennetts -- Riding the Coat Tails of ZAP, without Open Source Funding
42:32
42:32
Play later
Play later
Lists
Like
Liked
42:32
Mark Curphey and Simon Bennetts, join Chris on the podcast to discuss the challenges of funding and sustaining major open source security projects like ZAP. Curphey shares about going fully independent and building a non-profit sustainable model for ZAP. The key is getting companies in the industry, especially companies commercializing ZAP, to prop…
…
continue reading
Devon Rudnicki, the Chief Information Security Officer at Fitch Group, shares her journey of developing an application security program from scratch and advancing to the CISO role. She emphasizes the importance of collaboration, understanding the organization's business, and using metrics to drive positive change in the security program. Elon Musk …
…
continue reading
1
Dustin Lehr -- Culture Change through Champions and Gamification
45:10
45:10
Play later
Play later
Lists
Like
Liked
45:10
Dustin Lehr, Senior Director of Platform Security/Deputy CISO at Fivetran and Chief Solutions Officer at Katilyst Security, joins Robert and Chris to discuss security champions. Dustin explains the concept of security champions within the developer community, exploring the unique qualities and motivations behind developers becoming security advocat…
…
continue reading
1
S5EP2 - Application Security Posture Management with guest Ray [Redacted]
58:09
58:09
Play later
Play later
Lists
Like
Liked
58:09
Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session. In this weeks episode our special guest is Ray [Redacted] who is helping the team discuss all things Posture Management. Ray is a Technologist & researcher for a Fortune 50 corporation and Associate Producer Emeritus of Jack Rhysider’s c…
…
continue reading
1
Francesco Cipollone -- Application Security Posture Management and the Power of Working with the Business
38:11
38:11
Play later
Play later
Lists
Like
Liked
38:11
Francesco Cipollone, CEO of Phoenix Security, joins Chris and Robert to discuss security and explain Application Security Posture Management (ASPM). Francesco shares his journey from developer to cybersecurity leader, revealing the origins and importance of ASPM. The discussion covers the distinction between application security and product securit…
…
continue reading
1
Mukund Sarma -- Developer Tools that Solve Security Problems
46:32
46:32
Play later
Play later
Lists
Like
Liked
46:32
Mukund Sarma, the Senior Director for Product Security at Chime, talks with Chris about his career path from being a software engineer to becoming a leader in application security. He explains how he focuses on building security tools that are easy for developers to use and stresses the importance of looking at application security as a part of the…
…
continue reading
1
Meghan Jacquot -- Assumed Breach Red Team Engagements for AppSec
40:55
40:55
Play later
Play later
Lists
Like
Liked
40:55
AppSec specialist Megan Jacquot joins Chris and Robert for a compelling conversation about community, career paths, and productive red team exercises. Megan shares her unique cybersecurity origin story, tracing her interest in the field from childhood influences through her tenure as an educator and her formal return to academia to pivot into a tec…
…
continue reading
1
Bill Sempf -- Development, Security, and Teaching the Next Generation
39:44
39:44
Play later
Play later
Lists
Like
Liked
39:44
Robert is joined by Bill Sempf, an application security architect with over 20 years of experience in software development and security. Bill shares his security origins as a curious child immersed in technology, leading to his lifelong dedication to application security. They discuss CodeMash, a developer conference in Ohio, and recount Bill's pre…
…
continue reading
1
Hendrik Ewerlin -- Threat Modeling of Threat Modeling
33:50
33:50
Play later
Play later
Lists
Like
Liked
33:50
Robert and Chris talk with Hendrik Ewerlin, a threat modeling advocate and trainer. Hendrik believes you can threat model anything, and he recently applied threat modeling to the process of threat modeling itself. His conclusions are published in the document Threat Modeling of Threat Modeling, where he aims to help practitioners, in his own words,…
…
continue reading
