Chris Romeo and Robert Hurlbut
The Application Security Podcast
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.
Autor
Chris Romeo and Robert Hurlbut
Kategorie
Podcast-Website
Neueste Folge
16. Jun 2026
Wo hören?
Podcasts in der App Replaio Radio Bald verfügbarPodcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts
Folgen
Guy Barhart-Magen -- Log4j and Incident Response 23.09.2022 43:45
Send us Fan Mail With nearly 25 years of experience in the cyber-security industry, Guy held various positions in both corporates and startups. In his role as the CTO for the cyber crisis management firm Profero, his focus is making incident response fast and scalable, harnessing the latest technologies and a cloud-native approach. Guy is the BSidesTLV chairman and CTF lead, a Public speaker in we...
Brett Smith -- Security is a Necessary Evil 30.08.2022 43:36
Send us Fan Mail Brett Smith is a Software Architect/Engineer/Developer with 20+ years of experience. Specialties: Automation, Continuous Integration/Delivery/Testing/Deployment Expertise: Linux, packaging, and tool design. Brett joins us to discuss why he hates security and shares his vast knowledge of building a secure and cutting-edge build pipeline. We hope you enjoy this conversation with......
Chen Gour-Arie -- The AppSec Map 16.08.2022 33:37
Send us Fan Mail Chen Gour-Arie is the Chief Architect and Co-Founder of Enso Security. With over 15 years of hands-on experience in cybersecurity and software development, Chen demonstrably bolstered the software security of dozens of global enterprise organizations across multiple industry verticals. An enthusiastic builder, he has focused his career on building tools to optimize and accelerate...
Dominique Righetto -- OWASP Secure Headers 09.08.2022 27:53
Send us Fan Mail Dominique Righetto is an AppSec enthusiast and OWASP projects contributor. Dominique joins us to discuss the OWASP Secure Headers project. We discuss headers at a high level and then dive into all the goodies you'll find within the project, from awareness, guidance, and a test suite that can be integrated into your CI/CD pipeline to test your security headers. We hope you enj...
Hillel Solow -- How to do AppSec without a security team 25.07.2022 33:52
Send us Fan Mail Hillel Solow is Chairman of the Board at ProtectOnce, where he helps guide product and security strategy. Hillel is a serial entrepreneur in the cybersecurity space, but his favorite thing is still writing code at 2 am. Hillel joins us to discuss how to do appsec without a security team. We explore the building blocks of an appsec program, and what appsec looks like for companies...
Chris Romeo -- The Security Journey Story 02.06.2022 27:13
Send us Fan Mail In this episode of the Application Security Podcast, Chris Romeo walks through the origin story of Security Journey and shares some experiences taking a security startup from bootstrap to acquisition. Chris talks about how and why he started the company, what defining factors made Security Journey successful and why they're being acquired now. He ends by giving an overview of...
Kristen Tan and Vaibhav Garg -- Machine Assisted Threat Modeling 10.05.2022 46:17
Send us Fan Mail In this episode of the Application Security Podcast, we talk to Kristen Tan and Vaibhav Garg from Comcast. They wrote a paper called " An Analysis of Open-source Automated Threat Modeling Tools and Their Extensibility from Security into Privacy ". They join us to share their story about what they were doing and why they did it. We hope you enjoy this conversation with.....
Patrick Dwyer -- CycloneDX and SBOMs 03.05.2022 28:33
Send us Fan Mail Patrick is a Senior Product Security Engineer in the Application Security team at ServiceNow. He is also Co-Leader of the OWASP CycloneDX project. A lightweight Software Bill of Materials (SBOM) standard designed for use in application security contexts and supply chain component analysis. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcas...
Omer Gil and Daniel Krivelevich -- Top 10 CI/CD Security Risks 25.04.2022 50:40
Send us Fan Mail Daniel Krivelevich is a cybersecurity expert and problem solver, with 15+ years of enterprise security experience with a proven track record working with 100+ enterprises across multiple industries, with a strong orientation to Application & Cloud Security. Daniel co-Founded Cider Security as the company’s CTO. Cider is a startup focused on securing CI/CD pipelines, flows, and...
Josh Grossman -- Building a High-Value AppSec Scanning Program 19.04.2022 43:00
Send us Fan Mail Josh Grossman has over 15 years of experience in IT Risk and Application Security consulting, and he has also worked as a software developer. He currently works as CTO for Bounce Security, where he focuses on helping organizations build secure products by providing value-driven Application Security support and guidance. In his spare time, he is very involved with OWASP. He is on t...
Alex Mor -- Application Risk Profiling at Scale 15.03.2022 42:46
Send us Fan Mail Alex Mor is a passionate cybersecurity defender or breaker depending on the time of day, providing expert technical guidance to product teams and building security in their platforms. Alex joins us to talk about application risk profiling. He defines what this concept is to help us understand it. Then we talk about how can you do application risk profiling at scale? Whether you ha...
Brenna Leath -- Product Security Leads: A different way of approaching Security Champions 09.03.2022 33:11
Send us Fan Mail Brenna Leath is currently the Head of Product Security for a data analytics company where she sets the application security strategy for R&D and leads a team of security architects. Brenna originally joined us to talk about EO 14028 and the implications for private sector programs, BUT, we were chatting about security champions and product security leads, and we changed our fo...
Will Ratner -- Centralized container scanning 16.02.2022 42:15
Send us Fan Mail Will Ratner is a software security professional with extensive experience building and implementing security solutions across a myriad of industries including banking, media, construction, and information technology. In his current role at Atlassian, Will focuses on improving the vulnerability management process by building highly scalable and automated solutions for the enterpris...
Neil Matatall -- AppSec at Scale 09.02.2022 39:13
Send us Fan Mail Neil Matatall is an engineer with a background in security. He has previously worked at GitHub and Twitter and is a co-founder of Loco Moco Product Security Conference. Neil joins us for his second visit, to discuss account security at scale. He describes the underlying principles behind security at scale, how he worked to build a sign-in analysis feature, and how attacks were det...
Joern Freydank -- Security Design Anti Patterns Limit Security Debt 25.01.2022 36:47
Send us Fan Mail Joern Freydank is a Lead Cyber Security Engineer with more than 20 years of experience. He is currently establishing the Threat Modeling Program at a major insurance company. Joern joins us to talk about security design anti-patterns. He defines the term, explains security debt, reviews the categories of anti-patterns, and walks us through the example of a common role misconceptio...
Ken Toler -- Blockchain, Cloud, and #AppSec 18.01.2022 44:59
Send us Fan Mail Ken Toler is a principal consultant at Kudelski Security and is passionate about building and optimizing application security programs that stick through strong adoption and ease of use. Ken has spent considerable time on all sides of the security aisle from playing defense and managing security teams to offense by breaking applications and reviewing code. Ken is also the host and...
Jeroen Willemsen and Ben de Haan -- Dirty little secrets 11.01.2022 34:43
Send us Fan Mail Jeroen Willemsen is a passionate, hands-on security architect with a knack for mobile security and security automation. As a "jack of all trades," he has been involved with various OWASP projects and has developed various trainings. He has spent over 10 years as a full-stack developer and has worked as a (security) architect, security lead, and risk manager. Ben de Haan...
Adam Shostack -- Fast, cheap and good threat models 15.12.2021 31:22
Send us Fan Mail Adam is a leading expert on threat modeling, and a consultant, expert witness, author and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft. While not consulting or training, Shostack serves as an advisor to a variety of companies and academic institutions. Adam jo...
Loren Kohnfelder -- Designing Secure Software 07.12.2021 33:42
Send us Fan Mail Loren Kohnfelder has over 20 years of experience in the security industry. At Microsoft, he was a key contributor to STRIDE, the industry’s first formalized proactive security process methodology, and also program-managed the .NET platform security effort. At Google, he worked as a software engineer on the Security team and as a founding member of the Privacy team. Loren joins us...
Ochaun Marshall -- IaC and SAST 29.11.2021 36:29
Send us Fan Mail Ochaun Marshall is an Application Security Consultant. In his roles of secure ideas, he works on on-going development projects utilizing Amazon web services and breaks other people's web applications. Ochaun joins us to talk about SAST and IaC, static application security testing and infrastructure as code. We talk about what they are, how they work, the security benefits, so...
Simon Bennetts -- Using OWASP Zap across an Enterprise 10.11.2021 40:00
Send us Fan Mail Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and a Distinguished Engineer at StackHawk, a company that uses ZAP to help users fix application security bugs before they hit production. He has talked about and demonstrated ZAP at conferences all over the world. Prior to making a move into security, he was a developer for 25 years and strongly believes that you c...
Timo Pagel -- DevSecOps Maturity Model 27.10.2021 31:55
Send us Fan Mail Timo Pagel has been in the IT industry for over fifteen years. After a system administrator and web developer career, he advises customers as a DevSecOps consultant and trainer. His focus is on security test automation for software and infrastructure and assessment of complex applications in the cloud. In his spare time, he teaches “Web and Application Security” at various univers...
Mazin Ahmed -- Terraform Security 06.10.2021 32:51
Send us Fan Mail Mazin Ahmed is a security engineer that specializes in AppSec and offensive security. He is passionate about information security and has previously found vulnerabilities in Facebook, Twitter, Linkedin, and Oracle, to name a few. Mazin is the developer of several popular open-source security tools that have been integrated into security testing frameworks and distributions. Mazin...
James Ransome and Brook Schoenfield -- trust and verify: Building in Security at Agile Speed 24.09.2021 54:19
Send us Fan Mail Dr. James Ransome is the Chief Scientist for CyberPhos, an early-stage cybersecurity startup. He is also a member of the board of directors for the Bay Area Chief Security Officer Council and serves as an adviser to ForAllSecure and Resilient Software Security. Dr. Ransome's career includes leadership positions in the private and public sectors. He has served in three chief i...
OWASP Top 10 2021 Peer Review 17.09.2021 29:40
Send us Fan Mail Robert and I break down the OWASP Top 10 2021 Peer Review Edition. We walk through and give you our insights and highlights of the things that stand out to us and our questions. We feel it brings value to our audience's understanding of the OWASP Top 10 2021 and what it will likely look like when it comes out. We encourage you to go and do your own peer review of the document...
Ähnliche Podcasts
Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet