The Application Security Podcast
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.
Podcasting since 2016 • 279 episodes
Latest Episodes
Milan Williams -- AppSec Metrics
Milan Williams discusses the importance of application security metrics and how to make them both meaningful and actionable. She explains that metrics are crucial for tracking progress in what can often feel like an overwhelming security landsc...
Season 12 • Episode 2 • 36:16
Mo Sadek -- Building an AppSec Program from Scratch
Mo Sadek shares his unique journey of building an Application Security program from scratch at Roblox. Mo discusses his unconventional path, including temporarily joining the infrastructure team to truly understand engineering challenges. He em...
Season 12 • Episode 1 • 48:50
Brett Crawley -- Threat Modeling Gameplay with EoP
Brett Crawley discusses the Elevation of Privilege (EoP) card game, a powerful tool for threat modeling in software development. The discussion explores recent extensions to the game including privacy-focused suits and TRIM (Transfer, Retention...
Season 11 • Episode 29 • 45:28
Matin Mavaddat - Understanding Security as a Systemic Concern: The Role of Anti-Requirements
Matin Mavaddat discusses his perspective on security as a systemic concern, developed from his background in requirements engineering and systems architecture. He introduces the concept of "anti-requirements" - defining what a system should not...
Season 11 • Episode 28 • 50:20
Kayra Otaner -- DevSecOps
Kayra Otaner joins the podcast today to discuss DevSecOps and answer the question, is it dead? Kayra is the Director of DevSecOps at Roche and is highly involved in the DevSecOps community. Kayra states that DevSecOps in its traditional form is...
Season 11 • Episode 27 • 32:46