The Application Security Podcast
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.
Episodes
273 episodes
Steve Wilson -- The Developer's Playbook for Large Language Model Security: Building Secure AI Applications
Join hosts Chris Romeo and Robert Hurlbut on the Application Security Podcast as they welcome back Steve Wilson, author of 'The Developer's Playbook for Large Language Model Security.' In this episode, they dive into critical topics such as AI ...
Season 11 • Episode 24 • 36:32
Jeff Williams -- Application Detection & Response (ADR)
Join us in this week’s episode of the Application Security Podcast where we sit down with Jeff Williams, a renowned pioneer in the field of application security. Jeff discusses ADR (Application Detection and Response), detailing its potential t...
Season 11 • Episode 23 • 51:28
Phillip Wylie -- Pen Testing from Somebody who Knows about Pen Testing
Join Robert and Chris Romeo as they dive into the world of pen testing with their guest Phillip Wylie. In this episode, Phillip shares his unique journey from professional wrestling to being a renowned pen tester. Hear some great stories from his...
Season 11 • Episode 22 • 52:08
Steve Springett -- Software and System Transparency
In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut welcome back Steve Springett, an expert in secure software development and a key figure in several OWASP projects. Steve unpacks CycloneDX and the value p...
Season 11 • Episode 21 • 48:13
Irfaan Santoe -- The Power of Strategy in AppSec
Join Irfaan Santoe and hosts Chris Romeo and Robert Hurlbut for an in-depth discussion on the maturity and strategy of Application Security programs. They delve into measuring AppSec maturity, return on investment, and communicating technical n...
Season 11 • Episode 20 • 40:14
Andrew Van Der Stock -- The New OWASP Top Ten
Join Chris Romeo and Robert Hurlbut as they sit down with Andrew Van Der Stock, a leading web application security specialist and executive director at OWASP. In this episode, Andrew discusses the latest with the OWASP Top 10 Project, the import...
Season 11 • Episode 19 • 51:51
Derek Fisher -- Hiring in Cyber/AppSec
In this episode of the Application Security Podcast, Chris Romeo and Robert Hurlbut welcome back Derek Fisher, an expert in hardware, software, and cybersecurity with over 25 years of experience. Derek shares his advice on cybersecurity hiring,...
Season 11 • Episode 18 • 1:01:45
Tanya Janca -- Secure Guardrails
Join us for a conversation with Tanya Janca, also known as SheHacksPurple, as she discusses secure guardrails, the difference between guardrails and paved roads, and how to implement both in application security. Tanya, an award-wi...
Season 11 • Episode 17 • 1:04:50
Jahanzeb Farooq -- Launching and executing an AppSec program
In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut are joined by Jahanzeb Farooq to discuss his journey in cybersecurity and the challenges of building AppSec programs from scratch. Jahanzeb shares his exp...
Season 11 • Episode 16 • 49:44
David Quisenberry -- Building Security, People, and Programs
In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut engage in a deep discussion with guest David Quisenberry about various aspects of application...
Season 11 • Episode 15 • 56:54
Matt Rose -- Software Supply Chain Security Means Many Different Things to Different People
In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut welcome Matt Rose, an experienced technical AppSec testing leader. Matt discusses his career journey and significant contributions in AppSec. The conversa...
Season 11 • Episode 14 • 46:14
James Berthoty -- Is DAST Dead? And the future of API security
In this episode of the Application Security Podcast, host Chris Romeo welcomes James Berthoty, a cloud security engineer with a diverse IT background, to discuss his journey into application and product security. The conversation s...
Season 11 • Episode 13 • 44:56
Mark Curphey and Simon Bennetts -- Riding the Coat Tails of ZAP, without Open Source Funding
Mark Curphey and Simon Bennetts join Chris on the podcast to discuss the challenges of funding and sustaining major open source security projects like ZAP. Curphey shares about going fully independent and building a non-profit sust...
Season 11 • Episode 12 • 42:32
Devin Rudnicki -- Expanding AppSec
Devin Rudnicki, the Chief Information Security Officer at Fitch Group, shares her journey of developing an application security program from scratch and advancing to the CISO role. She emphasizes the importance of collaboration, understanding t...
Season 11 • Episode 11 • 35:57
Dustin Lehr -- Culture Change through Champions and Gamification
Dustin Lehr, Senior Director of Platform Security/Deputy CISO at Fivetran and Chief Solutions Officer at Katilyst Security, joins Robert and Chris to discuss security champions. Dustin explains the concept of security champions within the devel...
Season 11 • Episode 10 • 45:10
Francesco Cipollone -- Application Security Posture Management and the Power of Working with the Business
Francesco Cipollone, CEO of Phoenix Security, joins Chris and Robert to discuss security and explain Application Security Posture Management (ASPM). Francesco shares his journey from developer to cybersecurity leader, revealing the origins and ...
Season 11 • Episode 9 • 38:11
Mukund Sarma -- Developer Tools that Solve Security Problems
Mukund Sarma, the Senior Director for Product Security at Chime, talks with Chris about his career path from being a software engineer to becoming a leader in application security. He explains how he focuses on building security tools that are ...
Season 11 • Episode 8 • 46:32
Meghan Jacquot -- Assumed Breach Red Team Engagements for AppSec
AppSec specialist Meghan Jacquot joins Chris and Robert for a compelling conversation about community, career paths, and productive red team exercises. Meghan shares her unique cybersecurity origin story, tracing her interest in the field from ch...
Season 11 • Episode 7 • 40:55
Bill Sempf -- Development, Security, and Teaching the Next Generation
Robert is joined by Bill Sempf, an application security architect with over 20 years of experience in software development and security. Bill shares his security origins as a curious child immersed in technology, leading to his lifelong dedicat...
Season 11 • Episode 6 • 39:44
Hendrik Ewerlin -- Threat Modeling of Threat Modeling
Robert and Chris talk with Hendrik Ewerlin, a threat modeling advocate and trainer. Hendrik believes you can threat model anything, and he recently applied threat modeling to the process of threat modeling itself. His conclusions are published ...
Season 11 • Episode 5 • 33:50
Jason Nelson -- Three Pillars of Threat Modeling Success: Consistency, Repeatability, and Efficacy
Jason Nelson, an accomplished expert in information security management, joins Chris to share insights on establishing successful threat modeling programs in data-intensive industries like finance and healthcare. Jason presents his three main p...
Season 11 • Episode 4 • 53:52
Erik Cabetas -- Cracking Codes on Screen and in Contests: An Expert's View on Hacking, Vulnerabilities, and the Evolution of Cybersecurity Language
Erik Cabetas joins Robert and Chris for a thought-provoking discussion about modern software security. They talk about the current state of vulnerabilities, the role of memory-safe languages in AppSec, and why IncludeSec takes a highly systemat...
Season 11 • Episode 3 • 51:12
Justin Collins -- Enabling the Business to Move Faster, Securely
Justin Collins of Gusto joins Robert and Chris for a practical conversation about running security teams in an engineering-minded organization. Justin shares his experience leading product security teams, the importance of aligning security wit...
Season 11 • Episode 2 • 47:19
Kyle Kelly -- The Dumpster Fire of Software Supply Chain Security
Kyle Kelly joins Chris to explore the wild west of software supply chain security. Kyle, author of the CramHacks newsletter, sheds light on the complicated and often misunderstood world of software supply chain security. He brings unique insigh...
Season 11 • Episode 1 • 41:17
Chris Hughes -- Software Transparency
Chris Hughes, co-founder of Aquia, joins Chris and Robert on the Application Security Podcast to discuss points from his recent book Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, co-authored with Tony Turn...
Season 10 • Episode 39 • 39:10