The Application Security Podcast

This episode is an interview Robert and I did with Brook Schoenfield (@BrkSchoenfield) during the RSA Conference 2017.Brook S.E. Schoenfield is a Distinguished Engineer at Intel Security Group. At Intel Security (including the former McAfee), Mr. Schoenfield is the senior technical leader for delivering software products that protect themselves and Intel Security’s customers. He has been a security architecture leader at global technology companies for over 15 years of his 30+ years in high tech. He is a founding member of IEEE’s Center For Secure Design.We discuss secure design, architecture, and threat modeling. Brook has been an advocate for security across the industry for many years and has a knack for explaining complex things uncomplicatedly. What a pleasure to speak with him!Rate us on iTunes and provide a positive comment, please!FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Good day, friends. The Application Security PodCast has concluded our first season. With many friends' help, we could record 18 episodes. We’ve done something different for this final episode of season 1. Our producer, Daniel Romeo, has collected some of our favorite clips from this season, the things that stood out to us. Enjoy! And we look forward to the release of season 2 in a few months.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Join Rafal Los, a seasoned security consultant and voice behind the Down the Security Rabbit Hole Podcast, James Jardine, who bridges development and security, and Michael Santarcangelo, focused on client context. They dive into what makes a good security consultant, emphasizing not just technical skills but the power of empathy and listening. Discover why understanding team dynamics matters, and how new consultants can navigate their careers with hands-on experience and strong networks. Get ready for insights that can transform your approach to security consulting!

On this episode, Robert and I are joined by Adam Shostack (@adamshostack). Adam is a well-known speaker and thought leader in application security. We speak with Adam about how to connect with development teams. This all started about a year ago when Adam tackled the issue of thinking like a hacker and why he wanted people to think differently. We dive deep into this issue, but many other exciting nuggets also fall out in conversation.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Today we talk to Jon McCoy (@thejonmccoy), a developer turned security person. He’s been helping developers learn more about security. We talk about reverse engineering malware and .NET security, as well as a bit of security community and the mindset to Reverse Engineer.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We bring you a recorded version of Chris’s security conference talk from 2016 for this episode. The talk is “AppSec Awareness, A Blue Print for Security Culture Change.” He covers The Problem Space, why we need application security, how to create sustainable security culture, and introduces the idea of Application Security Awareness. Chris had the luxury of building such a program while at Cisco and shares his experiences with the community.There are slides available to correspond with this talk. They aren’t required, but some may want to follow along. Check out https://speakerdeck.com/edgeroute to get a copy.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In this episode, Robert and I are joined by Tracy Maleeff. Tracy is an InfoSec enthusiast with an MLIS degree. She has mad research and organizational skills. She co-hosts the PVCSec podcast. You can find Tracy on Twitter @InfoSecSherpa.Tracy is in the midst of a career transition. She began her career in Library Sciences and is moving into Information Security. We discussed the challenges of transition, how to network and connect, a process for transition, and three actionable things for those that want to make a transition. Enjoy!FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In this episode, Robert interviews Chris about the security community. Chris talks about his experiences doing security community at a large organization for 5+ years. Robert keeps pushing Chris to make this applicable to small companies as well. You’ll hear best practices for building a security community in your org, including monthly training sessions, lunch and learns, and even an internal security conference. Chris also offers the profound statement that “everyone eats lunch.”FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We are joined by Deidre Diamond, Founder, and CEO @cyber_sn & the Founder of @brain_babe. We discuss employment in the world of application security. We also dive deep into soft skills, exploring why they are foundational in the workforce. Deidre explains the benefits of win-win conversation, how words and everyday language connect, and how to have fun, compassion, love, integrity, and productivity all in one at work.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is our third interview from ISC2 Security Congress. We are joined by Tony UcedaVelez, or TonyUV, founder and CEO of VerSprite – a global security consulting firm based in Atlanta, GA. Tony leads the OWASP Atlanta Chapter and BSides Atlanta.This is a deep dive into Tony’s experience with threat modeling. We explore the PASTA methodology he created.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~