Podgo

Let's Talk AppSecOps

Technology EN ↓ 8 episodes

Agile DevOps, Cloud Deployment, Microservices, and Open Source have all dramatically accelerated application delivery and complexity. Today’s AppSec teams, outnumbered by as much as 100:1 by developers, depend on a collection of point security products and siloed manual processes. This leaves them struggling to gain the visibility, insight, and process scale they need to identify and protect the always changing and growing application risk surface.   This resulting AppSec Chaos means applications ship fast without the assurance of shipping securely, leaving the organization at risk of breaches...

Author

Podgo

Category

Technology

Podcast website

www.spreaker.com

Latest episode

Sep 24, 2025

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Gates to Guardrails 24.09.2025

Developers don't want to be slowed down, but security teams don't want development speed driving AppSec posture off a cliff. The compromise: security guardrails instead of release gates. With a basis of mutual trust that only critical findings will be sent for remediation and all critical findings will be remediated, friction between teams can be mitigated. Avoiding alert fatigue is one thing both...

Factors in Prioritization 17.09.2025

Prioritizing threat/vulnerability findings takes thought, a satellite cam, and a microscope if you don't have an AppSecOps platform at work. There's a lot to consider: criticality variance across tools (they don't come normalized out of the box), threat intelligence on CVEs, and tool/technique weight factors, for starters. A major concept is the context around the app/sub-app/module associated wit...

Vulnerability Management – What? When? How? 10.09.2025

Vulnerability Management looks different from business to business. What qualifies a risk as acceptable or not? When should confirmed vulns be fixed by? Perhaps most distressingly, how do we know when vulnerability has actually been remediated? Luis Guzmán talks about the different aspects of vulnerability and its most common musts: a workflow framework that security & dev agree on live critic...

Getting Started With AppSec 03.09.2025

It's a common misconception that the first step to building an application security program is sorting out the tooling. In reality, security tools translate well, and most early-game head-scratching will center on process. It helps to start small: SCA (source composition analysis) being an un-intensive and non-invasive first measure is a great launch point. This is not only due to the great availa...

Short Release Cycles: Pros & Cons 27.08.2025

A short release cycle has myriad benefits: faster delivery to market for new functionalities, and swiftly-improving accuracy toward goals (what we call Agile) chief among them. And from a security perspective, a quick reaction time to zero-day threats thanks to a well-oiled assembly line is invaluable. But, of course, there are drawbacks: like a lack of cohesion and communication between security...

The SBOM Movement 20.08.2025

The SBOM Movement has gained huge attention in just half a year. Whether as an external dependency of a developing product or a mission-critical tech stack component, inbound software has provenance (and often, vulnerabilities) that need to be reported for security downstream. US and foreign government support, as well as executive action , have done so much to stir awareness of these supporting d...

Dev Vs Sec – Who's Responsible For The Ops? 13.08.2025

The State of AppSecOps Report found "reducing developer friction" was a top 3 priority for security leaders. A common contributor is the volleying of security responsibilities, especially with infrastructure-as-code—a gray area that often has security and dev teams pointing fingers. To get willing collaboration, security teams need to practice carrot tactics and better understand the expectations...

Concrete to Cloud: Securing Assets across the Enterprise 06.08.2025

The transition from all-hardware to mostly-digital assets has complicated and decentralized the job of security. Cloud and container apps and infrastructure-as-code are examples of innovations whose security requirements will span multiple desks, as the role of the cybersecurity do-it-all becomes a relic of the past—even for smaller organizations. About ArmorCode We develop, sell, and deliver the...

Listen to the Let's Talk AppSecOps podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.