The Application Security Podcast

Sarah-Jane Madden is the Chief Information Security Officer of Sensing Technology Group. - part of Fortive. She has over 20 years of software experience, from the most formal environments to ‘let’s fix it in production’ type teams. She has been a longtime advocate of deliberate application security as a partnership with product management and believes security does not have to be an overhead. Sarah-Jane joins us to discuss her talk at OWASP Dublin, "Far from green fields — introducing Threat Modeling to established teams." She shares lessons learned from her 3-year journey and is transparent with the mistakes she made along the way. We hope you enjoy this conversation with...Sarah-jane Madden.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jet Anderson's passion is teaching today's software developers to write secure code as part of modern DevOps pipelines, at speed and scale, without missing a beat. He's been a software engineer for over 25 years and believes fixing security bugs is better than finding them. Jet joins us to discuss software or security engineer first, how fixing security bugs is better than just finding them, and the Code Doctor security training program he built and deployed. We hope you enjoy this conversation with...Jet Anderson.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

James Mckee is a developer (MCPDEA) and security advocate (CISSP) whose biggest responsibility is leading developer security practices. He sets the standards and procedures for the practice's operations and leads all client engagement efforts concerning security. He also takes the lead in ensuring that company staff (developers specifically) are properly trained and following best practices concerning application security. Currently, he is responsible for training and providing product guidance for developers worldwide. James joins us to discuss offensive application security for developers. We also get into the role of security professionals in reaching developers outside of the security echo chamber. We hope you enjoy this conversation with...James Mckee.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Derek is the author of “The Application Security Handbook.” He is a university instructor at Temple University, where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led security teams, large and small, at organizations in the healthcare and financial industries. Derek joins us to unpack the goals of an application security program, what is cutting edge in application security programs today, the role of open source vs. commercial, and guidance such as "decentralized application security." "enablement instead of gates; application security as a service," and "stop chasing the shiny new tool." We hope you enjoy this conversation with...Derek Fisher.Find the book at https://www.manning.com/books/application-security-program-handbookFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rob van der Veer has a 30-year background in software engineering, building AI businesses, creating software, and assessing software. He is a senior director at the Software Improvement Group, where he established practices for AI, security, and privacy. Rob is involved in several standardization initiatives like OWASP SAMM, ENISA, CIP, and AI security & privacy guide. He leads the writing group for the new ISO standard on AI engineering: 5338. Rob co-leads the OWASP integration project, with openCRE.org as a key result, aiming to create alignment in the standards landscape. Rob joins us to introduce the OWASP AI Security and Privacy Guide. We cover Rob's observations on how AI engineering differs from regular software engineering, typical software engineering pitfalls for AI engineers, the new guide's scope, threats introduced with AI, and mitigations that orgs and teams can use to build a secure AI system. We hope you enjoy this conversation with...Rob van der Veer.Show Notes:Visit the OWASP Security & Privacy Guide here --> https://owasp.org/www-project-ai-security-and-privacy-guide/FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Robyn Lundin started working in tech after a coding boot camp as a developer for a small startup. She then discovered her passion for security, pivoted into pentesting for NCC Group, and now works as a Senior Product Security Engineer for Slack. Robyn joins us to discuss the role of penetration testing within the application security realm. Robyn provides actionable guidance you can apply directly to your application pen testing program. We hope you enjoy this conversation with....Robyn Lundin.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Michael Bargury, CTO of Zenity, discusses low-code/no-code security and the OWASP top ten. They explore the power and risks of low code and no code platforms, the positive aspects and importance of security in these platforms, challenges of ensuring security for business users, data leakage and issues with local no code platforms, and the importance of understanding the security implications and taking responsibility.

Alex Olsen, Cyber Security Consulting Group leader at Rakuten's Cyber Security Defense Department, discusses security champions, democratizing application security, implementing a security champions program, onboarding process, connecting volunteers to the community, scope, cost, and effort in a security champions program, keeping a champions program engaging, and sharing experiences on security champions and AppSec training.

Mark Curphey is one of the creators of OWASP from the very early days. Mark worked in the background over the few decades of OWASP but has recently taken more to the spotlight. After running, he was elected and joined the OWASP Board of Directors. This conversation starts with the historical story of Mark and his history with OWASP. Then we jump into the visions for OWASP in the future and the plans in place to reach those goals. We hope you enjoy this conversation with...Mark Curphey.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tiago Mendo is a co-founder and CTO of Probely. He has extensive experience in pentesting applications, training, and providing all-around security consultancy. Tiago started working with security in the early 2000s, beginning with a tenure of 12 years at Portugal Telecom. While there, he built the web security team and worked with 150+ developers. He holds a Master's in Information Technology/Information Security from Carnegie Mellon University and a CISSP certification. He is also a qualified member of AP2SI, a non-profit organization that promotes Information Security in Portugal, and Co-Leader of the Lisbon OWASP Chapter. He is a frequent speaker at security events, such as Confraria da Segurança da Informação, BSides Lisbon, BSides Kraków and LASCON. Tiago Mendo joins us to discuss OWASP ZAP and DAST scanning at scale. Tiago shares what scanning at scale is, the common challenges development teams must overcome when scanning at scale, and how to overcome them using OWASP ZAP. We hope you enjoy this conversation with ... Tiago Mendo.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~