The Secure Developer

Latest episodes

Apr 1, 2025 • 39min

Authentication, Authorization, And The Future Of AI Security With Alex Salazar

In this engaging discussion, Alex Salazar, founder and CEO of Arcade, shares his extensive experience in security from his time at Okta and Stormpath. He dives into the evolution of authentication and authorization in an AI-driven world. Discover how AI agents change security dynamics and why identity is the new perimeter. Alex also explores the risks of AI hallucinations and the importance of human oversight in automated processes. Don't miss insights on OAuth challenges and the transformative impact of AI on productivity.
Mar 18, 2025 • 41min

Rethinking Secure Communication With Mrinal Wadhwa

Episode Summary

In this episode of The Secure Developer, Danny Allan sits down with Mrinal Wadhwa, CTO at Ockam, to explore the evolving landscape of secure communication in distributed systems. They discuss the challenges of securing microservices, IoT networks, and Kubernetes environments and how traditional TLS-based security models may no longer be sufficient. Mrinal shares insights into Ockam’s approach to end-to-end encrypted, mutually authenticated channels and the impact of WebAssembly, passkeys, and modern cryptographic identity management on security. Tune in for a deep dive into how organizations can rethink security at runtime to minimize risks in today’s complex digital ecosystems.

Show Notes

Security in modern applications is more challenging than ever, with microservices architectures, IoT deployments, and distributed computing environments introducing new risks. In this episode, Danny Allan welcomes Mrinal Wadhwa, CTO at Ockam, to discuss how secure communication models need to evolve beyond traditional TLS and perimeter-based defenses.

Topics covered include:

- The challenges of securing microservices and Kubernetes clusters
- How end-to-end encryption and mutual authentication can minimize risk
- The importance of cryptographic identities and key rotation at scale
- How Ockam enables secure channels across multiple transport layers (TCP, Bluetooth, Kafka, etc.)
- The role of WebAssembly and passkeys in rethinking security models
- Shifting from perimeter-based security to secure-by-design communication

Mrinal shares key insights on how organizations can rethink risk at runtime, considering the number of people and systems involved in data flow rather than just static build-time dependencies. Whether you're a security leader, developer, or architect, this episode provides actionable insights on building trust in your infrastructure without compromising performance or agility.

Links

- Ockam
- Passkeys Overview
- Private Compute Cloud by Apple
- Snyk - The Developer Security Company

Follow Us

- Our Website
- Our LinkedIn
Mar 4, 2025 • 39min

The Future Of Security, Privacy And Control With Wayne Chang

Episode Summary

In this episode of The Secure Developer, Danny Allan, CTO of Snyk, sits down with Wayne Chang, Founder and CEO of SpruceID, to explore the evolving landscape of digital identity and security. From self-sovereign identity to the role of AI in authentication, they discuss the future of identity management, the risks of centralized systems, and the benefits of decentralized approaches. They also dive into how policy, compliance, and emerging technologies like passkeys and zero-knowledge proofs are shaping the security ecosystem.

Show Notes

The world of digital identity is changing fast, and in this episode of The Secure Developer, we explore how security professionals and developers can navigate this evolving space. Host Danny Allan is joined by Wayne Chang, Founder and CEO of SpruceID, to discuss key trends and challenges in identity management.

Topics Discussed:

- Wayne's Background: From health tech to digital identity, how Wayne’s early struggles with integrating health records led to his passion for self-sovereign identity.
- The Evolution of Digital Identity: Why usernames and passwords are no longer the gold standard, and how newer methods like passkeys and cryptographic credentials improve security.
- Decentralization vs. Centralization: The trade-offs between federated identity systems (like OAuth and SSO) and self-hosted identity wallets.
- The Role of AI in Identity Security: How AI is both a tool for improving security and a threat vector for identity fraud.
- Privacy and Compliance: How regulations like GDPR, CCPA, and emerging state-level laws influence digital identity strategies.
- The Future of Authentication: The move from multi-factor authentication to "myriad factor authentication," leveraging multiple signals for seamless and secure access.

Wayne and Danny also discuss real-world use cases, including the development of mobile driver's licenses, emerging digital identity wallets, and the challenges of ensuring privacy and security while maintaining usability. The conversation highlights how organizations can stay ahead with better authentication practices and privacy-preserving architectures as fraud becomes more sophisticated.

Links

- SpruceID - Identity infrastructure for the digital world
- NIST - The National Institute of Standards and Technology
- NIST SP 800-63 - Digital Identity Guidelines
- ACLU Digital ID State Legislative Recommendations
- Snyk - The Developer Security Company

Follow Us

- Our Website
- Our LinkedIn
Feb 18, 2025 • 38min

Building Security Culture With Dustin Lehr

Episode Summary

Security is more than just a checklist—it’s a cultural movement. In this episode, Dustin Lehr, Co-founder of Katilyst, joins Danny Allan to explore the intersection of security, engineering, and culture. They discuss how to foster security champions, scale security programs, and build a culture where developers naturally integrate security into their workflows. Dustin shares insights from his extensive career, offering practical strategies for creating lasting change in security practices.

Show Notes

Security isn’t just about tools—it’s about people. In this episode of The Secure Developer, Dustin Lehr, Co-founder of Katilyst, joins Danny Allan to discuss the importance of building a strong security culture within engineering teams.

Dustin shares his journey from software engineering to security leadership, emphasizing how security should be an extension of software quality. He highlights how security champions programs can empower developers to take ownership of security without disrupting their workflow.

Key topics include:

- The evolution of software development and how security fits in
- Best practices for launching and sustaining a security champions program
- The psychology of change and how to influence developer behavior
- The role of AI in security culture—what works and what doesn’t
- Metrics and strategies for measuring the success of security initiatives

With real-world insights and actionable advice, this episode is a must-listen for security and engineering leaders looking to scale security through culture, not just technology.

Links

- Katilyst – Dustin Lehr’s company focused on security culture
- Security Champion Program Success Guide – A free resource for building effective security champion programs
- Snyk - The Developer Security Company

Follow Us

- Our Website
- Our LinkedIn
Feb 4, 2025 • 37min

Securing And Defending Like Brazilian Jiu-Jitsu With Jeremiah Grossman

Jeremiah Grossman, an application security pioneer and former CEO of WhiteHat Security, shares insights from his extensive career, including his influence on OWASP. The discussion reveals the evolution of web application security, highlighting past vulnerabilities like SQL injection and the complexities of modern compliance. Jeremiah emphasizes the need to align developer incentives with security priorities, while also navigating the emerging challenges posed by AI-generated code. He draws fascinating parallels between Brazilian Jiu-Jitsu and cybersecurity, advocating for continuous learning and collaboration.
Jan 21, 2025 • 34min

The Development Of Security With David Mytton

Episode Summary

In this episode of The Secure Developer, host Danny Allan sits down with David Mytton, founder and CEO of Arcjet, former CEO of Server Density, and co-founder of Console.dev. David shares his insights into bridging the “developer-security gap” with Arcjet, a cutting-edge middleware SDK designed to empower developers with advanced security tools like rate limiting and bot protection. The conversation dives into the evolution of developer tools, the growing role of AI in coding, and the future of secure software development in modern environments. David also offers a fascinating perspective on sustainable computing and the impact of clean energy in the tech industry.

Show Notes

In this thought-provoking episode of The Secure Developer, host Danny Allan sits down with David Mytton, founder and CEO of Arcjet, to explore the evolving intersection of development, security, and AI. David, a serial entrepreneur with deep roots in cloud monitoring and developer tools, shares his journey from co-founding Server Density to building Arcjet, a groundbreaking solution for developers managing runtime security.

The conversation begins with David’s take on why developers should prioritize security early in the development lifecycle. He highlights the challenges developers face in modern environments, where traditional security tools often fail to integrate seamlessly with serverless and edge computing platforms. David introduces Arcjet as an innovative SDK that empowers developers to implement rate-limiting, bot detection, and other security measures directly in their applications, offering a developer-first approach to runtime protection.

Delving deeper, the discussion shifts to the rise of WebAssembly as a transformative technology. David explains how WebAssembly enables near-native performance across platforms while providing unparalleled isolation—making it a perfect fit for modern security needs. He contrasts this with traditional intrusion detection systems and outlines how Arcjet leverages WebAssembly to fill the gaps left by legacy tools.

The episode also explores the broader evolution of the developer ecosystem. From the increasing adoption of AI-powered coding tools to the growing interest in languages like Rust, David shares his perspective on how these trends are reshaping software development. He also discusses the challenges of balancing AI-generated code with the need for security and the potential for AI to exacerbate vulnerabilities if not carefully managed.

As the conversation wraps up, David touches on his research in sustainable computing and its implications for the tech industry. He highlights the positive strides being made toward greener computing practices and how developers can contribute to a more sustainable future.

This episode offers a rich blend of technical insights, forward-thinking ideas, and practical advice for developers and security professionals navigating the ever-changing landscape of software security and development.

Links

- Arcjet
- Console
- Acquia
- Rust Programming Language
- University of Oxford
- Snyk - The Developer Security Company

Follow Us

- Our Website
- Our LinkedIn
Jan 7, 2025 • 30min

Securing The Future: How AI Is Transforming Vulnerability Detection With Berkay Berabi

Berkay Berabi, an AI researcher and Senior Software Engineer at Snyk, shares his journey from electrical engineering to pioneering AI-driven vulnerability detection. He discusses how Snyk combines human expertise with machine learning for faster, more accurate security solutions. Berkay introduces CodeReduce, a revolutionary tool that simplifies complex code structures, enhancing vulnerability detection. The conversation also touches on addressing AI hallucinations and the balance between speed and performance in AI models, highlighting both the opportunities and risks of generative AI in coding.
Aug 6, 2024 • 35min

Revolutionizing Coding - The Future Of AI-Driven Development With Jeff Wang

Jeff Wang, Head of Business at Codeium and AI specialist, explores the evolution of coding assistants from simple tools to advanced AI-driven helpers. He discusses how generative AI dramatically boosts productivity and innovation in software development. Jeff dives into the importance of addressing security concerns with LLMs, potential solutions for safeguarding code, and the balance between AI capabilities and user satisfaction. He also emphasizes the need for diverse coding tools to support various developer environments, aiming to transform tech landscapes.
Jul 23, 2024 • 40min

Implementing A DevSecOps Program For Large Organizations With David Imhoff

David Imhoff, Director of DevSecOps at Kroger, discusses implementing DevSecOps in large organizations, balancing regulatory compliance with business objectives, building a security culture, risk mitigation challenges, importance of asset management, security champions, and potential impact of AI on cybersecurity practices.
May 28, 2024 • 51min

The Evolution of Snyk, The Developer Security Company, With Guy Podjarny

Founder of Snyk, Guy Podjarny, shares insights on integrating security into the developer workflow and the impact of AI on the industry. They discuss challenges faced, importance of open-source security, and future of autonomous developer security. The podcast explores Snyk's journey from inception in a shower to becoming a developer-first security platform.
