Ben Armstrong, Thomas Ballin
Let's Talk Security Testing
Your hosts, cyber tech founders Ben Armstrong and Thomas Ballin, have been increasingly frustrated with security testing's archaic approach. So they set about solving the problems they encountered themselves and created the Cytix platform. In the same spirit, they're bottling these thoughts, experiences and anecdotes into honest and transparent 30-minute sessions to open up the discussions with you. Let's Talk Security Testing is a podcast to challenge norms in cyber security testing for industry thought leaders ready to take on a new approach.
Autor
Ben Armstrong, Thomas Ballin
Categoría
Web del podcast
Último episodio
30 de mar. de 2026
¿Dónde escuchar?
Podcasts en la app Replaio Radio Muy prontoLos podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts
Episodios
What the hell happened to PTaaS? 30.03.2026 17:18
In this episode of Let’s Talk Security Testing, we revisit PTaaS (Pen Testing as a Service) — a buzzword that never quite settled on a definition. Was it just pen testing with a portal? Continuous testing? Cheaper delivery? We break down what PTaaS was meant to be, how it evolved, and why it seems to have faded, without ever being clearly defined.
Did Anthropic Just Solve AppSec? 16.03.2026 35:27
Anthropic recently announced a new code analysis capability that’s sparked a lot of discussion across the AppSec community. In this episode of Let’s Talk Security Testing, we break down what the announcement actually means for application security teams, whether it represents real progress or just another wave of industry hype. We also dive into one of the hardest problems in security testing - bu...
The AppSec Reality Check with NCC Group 02.03.2026 39:13
AI is reshaping how software is built. But is it reshaping how it’s secured? In this episode, we’re joined by NCC Group to explore what’s really happening across the AppSec landscape. From AI adoption in development workflows to the rise of AI-driven pentesting tools, we unpack what’s progressing, and what’s still marketing. We cover: The reality of AI in modern development pipelines The current m...
The Reality of Agentic Application Security 16.02.2026 33:49
Agentic AI is the latest shift in application security, but how much of it is delivering real results? In this episode, we break down: - What “agentic” really means in AppSec - Where agentic workflows are genuinely adding value - The limits of automation, and where human expertise still leads - How enterprises are adopting it without overcommitting If you’re trying to separate practical capability...
Is AI Pentesting Just DAST in Disguise? 02.02.2026 32:39
Is AI Pentesting Just DAST in Disguise? 🤖💥 Everyone’s talking about AI-powered pentesting - but is it actually useful, or just dressed-up DAST? In this episode, we dig into: - What AI tools really test (and what they miss) - Why they sometimes look better than they are - Hallucinations, pricing, and trust - How they compare to micro pen tests and manual reviews If you’re trying to make sense of...
Does CAB Still Belong in Modern DevSecOps? 09.07.2025 24:12
In Season 2, Episode 9, we ask a big question: does the Change Advisory Board (CAB) still have a place in today’s fast-moving DevSecOps world? Traditionally seen as a gatekeeper for risk, CABs are often accused of slowing things down, blocking innovation, and creating more process than value. But can AI shift the role of CAB from bottleneck to enabler? We explore what a modern, AI-assisted CAB cou...
Is Vibe Coding a Developer Superpower or a Security Risk? 16.06.2025 27:01
In Season 2, Episode 8, we throw planning out the window and build a web app purely on vibes. No specs, no structure, just straight-up code. Then, we do what any responsible team would do... we try to hack it. In this live pen testing session, we explore what happens when code is written without rules, and whether security still holds up under pressure.
Who Wins at Threat Modelling: AI or a Real Hacker? 30.04.2025 18:40
In Season 2, Episode 7, we put human intuition to the test against machine precision. As AI tools become more embedded in secure design workflows, we ask the big question: can AI threat model as well as a real human? We pit a seasoned pentester against our own AI tool in a live challenge, and the results might surprise you. 👉 Try the tool for yourself: https://www.cytix.io/change-analysis-tool
Can AI Replace Pentesters? 31.03.2025 21:25
In Episode 6, Season 2, we unpack the explosive growth of AI and ask the critical question: could AI ever replace human pentesters? Subscribe to keep up to date with all new episodes, released every 2 weeks!
Hack it or Track it: The Hunt for Cyber Vulnerabilities 10.03.2025 20:00
In Episode 5, Season 2, we dive into vulnerabilities and their detection methods, from automated scanners to human-led pen testing. Plus, we put our skills to the test in Hack it or Track it, where we break down real vulnerabilities, discussing how we’d exploit them and how we’d detect them before attackers do. Subscribe to keep up to date with all new episodes, released every 2 weeks!
Micro Pen-Testing: When Less is More in Cybersecurity 24.02.2025 16:06
In episode 4 season 2, explore the innovative world of Micro Pen-Tests - a targeted, bite-sized approach to security testing that stems from threat modelling and development changes. Subscribe to keep up to date with all new episodes - released every 2 weeks!
Breaking Down Threat Modelling in Security Testing: A New Cybersecurity Essential 09.02.2025 19:27
In episode 3 season 2, explore the power of Threat Modelling in security testing and how it helps organisations predict, identify, and mitigate cyber risks before they become real threats. Subscribe to keep up to date with all new episodes - released every 2 weeks!
What Security Can Learn From Quality Control 27.01.2025 27:47
In episode 2, season 2 of Let's Talk Security Testing, we continue the conversation on the widely debated topic of 'what can security learn from quality control'. Subscribe to keep up to date with all new episodes - released every 2 weeks!
Enhancing Pentesting Effectiveness with Jira Tickets 13.01.2025 12:49
In episode 1 of season 2, explore techniques for using Jira tickets to enhance the effectiveness of your pentesting efforts. Meaning you can threat model your change tickets and prioritise your testing strategy. Subscribe to keep up to date with all new episodes - released every 2 weeks!
Vulnerability Deep Dive: Access Control Issues 02.12.2024 16:54
In the second of the Let's Talk Security Testing vulnerability deep dive episodes, Ben and Tom explore access control issues. They explore: What are access control issues & practical examples How to identify access control issues How to prevent, find and fix them
Depth vs Coverage in Security Testing 18.11.2024 15:22
Has the cyber security industry been ... lying to us? Do scanners provide the coverage whilst penetration tests provide the depth? Ben and Tom peel back the lid on this narrative to see if this is really the case...
Vulnerability Deep Dive: Business Logic Flaws 04.11.2024 24:12
In this first-of-its-type episode of Let's Talk Security Testing, Ben and Tom exclusively dive into the vulnerability, business logic flaws. They discuss: How business logic flaws are created Where they're typically found Why they're unique Ways to optimise testing processes to find them more easily
How to Build an Internal Security Testing Team 21.10.2024 17:51
Tom and Ben discuss: Determining the need for an internal pentesting team Setting up the team Key processes that lead to success
Where Do Vulnerabilities Come From? 07.10.2024 25:12
Ben and Tom discuss: The 3 primary sources of vulnerability creation A comparison of defensive cyber security approaches Challenges of route cause analysis
Why Context Matters In Security Testing 23.09.2024 17:25
Join Ben and Tom in discussing: What do we mean by context in security testing? The reality of context in security testing Barriers to achieving context in security testing and how to overcome them
How to Run an Enterprise Security Testing Programme 09.09.2024 25:49
Ben and Tom share strategy options, how this translates to operations and resourcing, and what output to expect from an enterprise testing programme.
A Cyber Security Engineer and a Vendor Meet in A Podcast Studio... 26.08.2024 26:32
In episode 6 of Let's Talk Security Testing, we welcome our first guest to the studio, Senior Security Engineer, Christine Smoley. Tom and Christine have an honest conversation on the cyber security vendor landscape, how vendors can make things easier in the buying process, and shared experiences in dealing with challenges of coordinating a security testing team.
The Role of LLMs in Security Testing 09.08.2024 25:06
In this episode of Let's Talk Security Testing we cover: - Why LLMs are popular across working teams in general - How this can be applied for security testing - Myth busting LLM capabilities and security concerns
How To Scale A Security Testing Programme 29.07.2024 25:26
Tom and Ben break down what scalable really means, the practicalities this equates to, common challenges and tips & experiences on how to apply this yourself.
Getting the Full Value Out of Human Security Testers 15.07.2024 27:55
Penetration tests are expensive and hugely important to a companies cyber security. We discuss ways to make sure tests are set up for success in the most effective and efficient way.
Podcasts similares
Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos