Chris Romeo and Robert Hurlbut
The Application Security Podcast
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.
Autor
Chris Romeo and Robert Hurlbut
Categoría
Web del podcast
Último episodio
16 de jun. de 2026
¿Dónde escuchar?
Podcasts en la app Replaio Radio Muy prontoLos podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts
Episodios
Steve Giguere -- Cloud AppSec 24.07.2023 37:23
Send us Fan Mail Cloud security is on an evolutionary path, with newer platforms embracing secure-by-default settings. This has led to a significant improvement in security but also adds complexity as developers need to understand these defaults when deploying to the cloud. Steve Giguere defines cloud application security, describes cloud-first development and cloud complexity, security by defaul...
Paul McCarty -- The Burrito Analogy of the Software Supply Chain 14.07.2023 33:46
Send us Fan Mail "Visualizing the Software Supply Chain" is a project which aims to kick off a discussion about the scope and breadth of the software supply chain. Paul McCarty emphasizes the importance of understanding what's in the software supply chain to secure it effectively. He uses the burrito analogy, stating that you can't decide if you want to eat it if you don't...
Farshad Abasi -- Three Models for Deploying AppSec Resources 09.07.2023 9:18
Send us Fan Mail Farshad Abasi shares three models for deploying resources within application security teams: The Dedicated AppSec Person Model involves assigning an AppSec person to work with each team. Farshad shares his experience of working with developers and the challenges faced in getting them to understand and implement threat modeling. He also discusses the transition from waterfall to Ag...
Kim Wuyts -- The Future of Privacy Threat Modeling 29.06.2023 41:47
Send us Fan Mail Kim Wuyts discusses her work in privacy threat modeling with LINDDUN, a framework inspired by Microsoft's STRIDE for security threat modeling. LINDDUN provides a structure to analyze privacy threats across multiple categories such as linking, detecting data disclosure, and unawareness. The framework has been updated over the years to incorporate new knowledge and developments...
François Proulx -- Actionable Software Supply Chain Security 22.06.2023 42:04
Send us Fan Mail Software supply chain -- how deep does the problem go? François is here to help us realize how deep the rabbit hole of the supply chain is and enlighten us with strategies to get out of the hole. François emphasizes the importance of branch protection in source code repositories as the cornerstone of any supply chain, highlighting the need for peer review and static code analysis...
Steve Wilson -- OWASP Top Ten for LLMs 15.06.2023 43:24
Send us Fan Mail How do we do security in the world of AI and LLMs? A great place to start is with an OWASP project tasked with creating a standardized guideline for building secure AI applications with large language models such as ChatGPT. Enter OWASP Top Ten for LLMs, and Steve Wilson, the project leader. You'll experience Large Language Models (LLMs) and their implications in AI. Steve ex...
JB Aviat -- The State of Application Security 07.06.2023 44:59
Send us Fan Mail What is the state of application security? JB Aviat answered that question, by creating the state of application security report based on data from Datadog customers using the application security and APM products. It provides insights into threat detection, vulnerability detection, prioritization, and general trends on where the most significant risks lie. We discuss: the priorit...
Joshua Wells -- Application Security in the Age of Zero Trust 01.06.2023 39:45
Send us Fan Mail What is zero trust, and how does it impact the world of applications and application security? We dive deep into zero trust with Joshua Wells, a seasoned cybersecurity expert with over ten years of experience. Joshua explores the intricacies of zero trust, a cybersecurity model that dictates no user or machine is trusted by default and must be authenticated every time. Listen in a...
Jeevan Singh -- The Future of Application Security Engineers 15.05.2023 46:58
Send us Fan Mail Jeevan Singh, the director of product security at Twilio, discusses the future of application security engineers. Singh highlights the importance of embedding security into all aspects of software development and the need for a strong security culture within organizations. He also explains the skills required for a senior application security engineer, such as application security...
Tony Turner -- Threat Modeling and SBOM 03.05.2023 44:12
Send us Fan Mail Have you ever considered using an SBOM to inform your threat modeling? Tony Turner has. Tony joins us to discuss SBOMs, threat modeling, and the importance of Cyber Informed Engineering. Tony delves into the SBOM (Software Bill of Materials) concept, highlighting their value proposition in identifying vulnerabilities, demonstrating compliance with software licenses, and informing...
Christian Frichot -- Threat Modeling with hcltm 18.04.2023 49:27
Send us Fan Mail Christian Frichot, an AppSec hacker, security leader, and developer of hcltm. He discusses the DevOps threat modeling tool he dreamed up and built. The tech was created to fit into developers' workflows and leverage tools they are familiar with. hcltm is designed to drive valuable change and be updated and maintained easily by software engineers. It is a developer-centric sof...
Zohar Shachar -- Bug Bounty from Both Sides 03.04.2023 36:27
Send us Fan Mail Zohar Shachar joins us to discuss the bug bounty process from both sides. Zohar has spent time as a bug bounty hunter and shares wisdom on avoiding bug bounty-causing issues for your AppSec posture. We hope you enjoy this conversation with...Zohar Shachar. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.co...
Sarah-jane Madden -- Threat Modeling to established teams 23.03.2023 43:11
Send us Fan Mail Sarah-Jane Madden is the Chief Information Security Officer of Sensing Technology Group. - part of Fortive. She has over 20 years of software experience, from the most formal environments to ‘let’s fix it in production’ type teams. She has been a longtime advocate of deliberate application security as a partnership with product management and believes security does not have to be...
Jet Anderson -- The AppSec Code Doctor 16.03.2023 38:55
Send us Fan Mail Jet Anderson's passion is teaching today's software developers to write secure code as part of modern DevOps pipelines, at speed and scale, without missing a beat. He's been a software engineer for over 25 years and believes fixing security bugs is better than finding them. Jet joins us to discuss software or security engineer first, how fixing security bugs is bett...
James Mckee -- Developer Security 09.03.2023 38:13
Send us Fan Mail James Mckee is a developer (MCPDEA) and security advocate (CISSP) whose biggest responsibility is leading developer security practices. He sets the standards and procedures for the practice's operations and leads all client engagement efforts concerning security. He also takes the lead in ensuring that company staff (developers specifically) are properly trained and following...
Derek Fisher -- The Application Security Handbook 02.03.2023 41:33
Send us Fan Mail Derek is the author of “The Application Security Handbook.” He is a university instructor at Temple University, where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led security teams, large and small, at organizations in the healthcare and financial industries. Derek joins us to unpack...
Rob van der Veer -- OWASP AI Security & Privacy Guide 23.02.2023 42:54
Send us Fan Mail Rob van der Veer has a 30-year background in software engineering, building AI businesses, creating software, and assessing software. He is a senior director at the Software Improvement Group, where he established practices for AI, security, and privacy. Rob is involved in several standardization initiatives like OWASP SAMM, ENISA, CIP, and AI security & privacy guide. He lead...
Robyn Lundin -- Planning & organizing a penetration test as an AppSec team 10.01.2023 29:23
Send us Fan Mail Robyn Lundin started working in tech after a coding boot camp as a developer for a small startup. She then discovered her passion for security, pivoted into pentesting for NCC Group, and now works as a Senior Product Security Engineer for Slack. Robyn joins us to discuss the role of penetration testing within the application security realm. Robyn provides actionable guidance you...
Michael Bargury -- Low Code / No Code Security and an OWASP Top Ten 03.01.2023 47:16
Send us Fan Mail Michael Bargury is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past, he headed security product efforts at Azure, focused on IoT, APIs and IaC. Michael is passionate about all things related to cloud, SaaS and low-code security and spends his time finding ways they could go wrong. He also leads the OWASP low-code security...
Alex Olsen -- Security champions, empowering developers, and AppSec training 20.12.2022 59:16
Send us Fan Mail Alex leads the Cyber Security Consulting Group, part of Rakuten's Cyber Security Defense Department. The group's dedication is to providing global security services, including security architecture, DevSecOps tooling and integration services, delivery of technical training, and running Rakuten's Security Champion community. His focus is on empowering teams to improv...
Mark Curphey -- The future of OWASP 13.12.2022 41:09
Send us Fan Mail Mark Curphey is one of the creators of OWASP from the very early days. Mark worked in the background over the few decades of OWASP but has recently taken more to the spotlight. After running, he was elected and joined the OWASP Board of Directors. This conversation starts with the historical story of Mark and his history with OWASP. Then we jump into the visions for OWASP in the...
Tiago Mendo -- How to scan at scale with OWASP ZAP 06.12.2022 32:14
Send us Fan Mail Tiago Mendo is a co-founder and CTO of Probely. He has extensive experience in pentesting applications, training, and providing all-around security consultancy. Tiago started working with security in the early 2000s, beginning with a tenure of 12 years at Portugal Telecom. While there, he built the web security team and worked with 150+ developers. He holds a Master's in Inf...
Wolfgang Goerlich -- Security beyond vulnerabilities 29.11.2022 40:28
Send us Fan Mail J. Wolfgang Goerlich is an Advisory CISO for Cisco Secure. He has been responsible for IT and IT security in the healthcare and financial services verticals. Wolfgang has led advisory and assessment practices for cybersecurity consulting firms. Wolf joins us to talk about some security things that will stretch your mind, like security beyond vulnerabilities, how apps intended fun...
Sam Stepanyan -- OWASP Nettacker Project 08.11.2022 46:32
Send us Fan Mail Sam Stepanyan is an OWASP London Chapter Leader and an Independent Application Security Consultant with over 20 years of IT experience and a background in software engineering and web application development. Sam has worked for various financial services institutions in the City of London, specializing in Application Security consulting, Secure Software Development Lifecycle (SDL...
Nick Aleks and Dolev Farhi -- GraphQL Security 01.11.2022 43:40
Send us Fan Mail Dolev Farhi is a security engineer and author with extensive experience leading security engineering teams in complex environments and scales in the Fintech and cyber security industries. Currently, he is the Principal Security Engineer at Wealthsimple. He is one of the founders of DEFCON Toronto (DC416). He enjoys researching vulnerabilities in IoT devices, participating in and b...
Podcasts similares
Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos