The Elephant in AppSec

By The Elephant in AppSec

Time to discuss AppSec issues no one talks about.... more

· Technology

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about The Elephant in AppSec:

How many episodes does The Elephant in AppSec have?

The podcast currently has 58 episodes available.

The Elephant in AppSec episodes:

December 04, 2024 Risk, Product Management, and Supply Chain Security: Is There a Connection? ⎜Jesus Cuadrado
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, I’m thrilled to welcome Jesus Cuadrado to the show! Jesus is the Chief Product Officer at Xygeni, an ASPM platform focused on improving software supply chain security. With over a decade of experience in product management, he’s now leading the charge in creating user-friendly security tools while tackling critical challenges like ensuring reliable software updates and integrating zero-trust principles into product strategies.
In this episode, we’ll dive into the intersection of product management and security, unpacking the role of software composition analysis in mitigating library risks, the use of open-source packages, and strategies for ensuring their security.
Whether you’re curious about breaking into product management in security or want a product manager’s perspective on building effective security solutions, this episode has something for you.
Dive right in!
...more
50min
December 02, 2024 How hard is it to make DevSecOps work in a Hybrid Cloud? ⎜Michael Tayo
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, I’m thrilled to welcome Michael Tayo to the show! As the Information Security Lead at EDX Markets, Michael advises C-suite leaders and drives strategies to protect critical infrastructure in institutional crypto markets. With prior roles in Financial Services and Tempus AI, Michael brings a wealth of experience in cloud security and risk management.
He’s also the founder of CyberSHIELD, a platform empowering security professionals with training and resources, and The Ghetto Flower, a creative agency uplifting underrepresented talent.
In this episode, Michael and I explore differences in security testing for on-premise and cloud environments, the importance of asset visibility and risk assessment for hybrid cloud migration, and how DevSecOps practices thrive with leadership buy-in and team collaboration.
Plus, we discuss how to use security data to tell compelling stories and provide meaningful insights to stakeholders.

Dive right in!
...more
50min
November 25, 2024 Is It Possible to Maximize the Effectiveness of Security Champions? ⎜ Magdalena Modric
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, I’m thrilled to welcome Magdalena Modric to the show! Magdalena is an AppSec Program Strategist at Secure Code Warrior, where she’s been empowering developers in the German-speaking market to build secure applications since 2018.
Beyond her professional expertise, Magdalena is also a talented violinist—a wonderful reminder of how many AppSec professionals channel their passion into music and creativity outside of work.
In this episode, Magdalena and I dive into the critical role of Security Champion programs in scaling security efforts effectively. We explore why metrics should focus on business outcomes rather than just training participation, and whether cultural factors are the secret ingredient to successful security practices.
And much more! If you’re interested in specific stories of companies that introduced security champion programs and scaled them, this episode is for you.
Dive right in!
...more
47min
November 15, 2024 Hacker Turned Policy Builder: What They Don’t Want You to Know
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.

Today, I’m thrilled to welcome Patrick Mathieu to the podcast! Patrick is currently a Senior Manager of Product Security at DoorDash, but his impact on the cybersecurity world spans years.

Fifteen years ago, he founded Hackfest.ca, Canada's largest bilingual infosec conference and hacking community. Beyond Hackfest, Patrick is a sought-after speaker at cybersecurity conferences worldwide and the host of Securite.fm, a popular podcast on all things security and hacking.

In addition to his industry roles, Patrick serves as an advisor on Quebec’s Cybersecurity Committee, where he helps shape policy at a governmental level.

In this episode, Patrick shares his journey from his early days in the 90s—when he started hacking when the internet first became widely accessible—through to his motivations behind creating Hackfest and what sets it apart. We explore the vital role of cybersecurity committees, the influence of big tech on government policies, the dangers of social engineering and phishing, and so much more.

If you’re as passionate about hacking and security as Patrick is, you won’t want to miss this episode. Dive right in!
...more
56min
October 30, 2024 Why Is Transforming Company Culture for Product Security So Challenging? ⎜ Ariel Shin
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, I’m super excited to have Ariel Shin on the podcast! Ariel started as a pentester, moved into appsec, and now she’s a Security Engineering Manager at Datadog. Before that, she led the Product Security team at Twilio, where she led an effort to democratize vulnerability management across the company, which had a significant impact on reducing risk.
She’s also a regular speaker at conferences, and I actually got to meet her in person for the first time at BSides San Francisco this year, where she led an impressive panel on scaling security.
In this episode, I learned from Ariel why cultural transformation is challenging but necessary for successful product security initiatives and how Democratizing vulnerability management involves shifting the responsibility of risk from security compliance to engineering.
And much more! If you’re interested in practical ways to ease the cognitive load on engineers, find allies in security, and start creating a real shift in culture, this episode is for you.
Dive right in!
...more
48min
October 23, 2024 The API Governance Problem: Why Your API Security Is at Risk (And How to Fix It) ⎜Akansha Shukla
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.

Today, I’m excited to welcome Akansha Shukla, a cybersecurity expert with over 10 years of experience, currently specializing in API security at ABN AMRO, one of the largest banks in the Netherlands. Akansha has a strong background in application security, DevSecOps, threat modeling, and vulnerability assessments.

Beyond her work at the bank, Akansha enjoys sharing her knowledge and runs her own blog focused on API security. She’s also a notable contributor to platforms like Nordic APIs. And, of course, don’t miss her session at the upcoming API Days event in Paris!

Akansha's blog 👉 https://medium.com/@akanshashukla_78664
In this episode, we discuss why lots of organizations are still struggling to develop a clear vision and roadmap for API governance, why collaboration between security experts and API management teams is crucial for effective API security, and how regulations influence api security roadmap.

And much more! If you’re curious about how to start sharing your expertise and want to learn from someone who has done it successfully, this episode is perfect for you.

Dive right in!
...more
43min
October 15, 2024 AI Chatbots: Security Disaster or Can We Build Them Securely? ⎜Ante Gojsalic & Benjamin Dulieu
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, I have two incredible guests with me: Ante Gojsalic and Benjamin Dulieu.
Ben is a Chief Information Security Officer at Duck Creek Technologies, an Insurance SaaS provider supporting the end-to-end insurance process for many of the world’s largest carriers. A former U.S. Marine Corps Captain, Ben transitioned into cybersecurity leadership in 2016, leading Cyber and Technology Risk Management at Brown Brothers Harriman before taking on his current role, where he oversees cybersecurity, privacy, and IT infrastructure strategies.
Ante is the CTO and Co-founder of SplxAI, a platform for automated and continuous red teaming of conversational AI. Before launching SplxAI, Ante managed teams of 40+ engineers and delivered over 50 successful projects for global brands like Ford and GM, spanning across different countries.
Both Ben and Ante are passionate about sharing their knowledge, frequently speaking at conferences and on podcasts to help others learn from their extensive experience.
In this episode, we discuss how is the rise of AI challenging the traditional ways of securing systems, whether AI chatbots are a security disaster waiting to happen or if they can be built securely, and the crucial steps to ensure AI chatbot security.
And much more! If you’re curious about a CISO's view on AI security or managing the complexities of multi-language chatbots, this episode is for you.
Dive right in!
...more
50min
October 10, 2024 Open Source vs. Commercial Software: The Ultimate Showdown⎜Kyle Kelly
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, my guest is Kyle Kelly, Tech Lead for Supply Chain Security Research at Semgrep and the founder of the CramHacks weekly newsletter. You can subscribe here 👉 cramhacks.com
With a background in consulting and research, he specializes in supply chain security, using his expertise to shape the insights he shares.
Through CramHacks, he empowers readers to take an active role in software security and deepen their understanding of supply chain vulnerabilities.
In this episode, Kyle shares when you should focus on open source vs commercial tools and why open-source vulnerability management is, in his words, "a dumpster fire." We explore whether open-source versions of commercial tools are more trustworthy, and Kyle debunks the common theory that vulnerabilities persist simply because open-source maintainers haven’t fixed them yet.
But that's not all! We also dive into Kyle's passion for malware analysis and hear about his experiences as a cyber creator—like the time he was banned from Reddit (like me 🥲) for sharing his work.
Dive right in!
...more
49min
October 01, 2024 Privacy vs. Application Security: Can They Truly Coexist? | Kim Wuyts
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, my guest is Kim Wuyts, a leading privacy engineering expert with over 15 years of experience in security and privacy. Before joining PwC Belgium as Manager of Cyber & Privacy, Kim was a senior researcher at KU Leuven, where she led the development and extension of LINDDUN, a popular privacy threat modeling framework.
Kim is also a co-author of the Threat Modeling Manifesto, program co-chair of the International Workshop on Privacy Engineering (IWPE), and a member of ENISA’s working group on Data Protection Engineering. She is a frequent speaker at international privacy and security conferences, and what I truly love about Kim’s presentations is that she raises privacy issues in a fun, entertaining way that really sticks with the audience.
In this episode, we talk with Kim about how privacy used to be part of security because security professionals cared about data, how they now need to coexist, and what impact AI will have on privacy.
And there’s much more! This episode is perfect if you want to know what your car can collect about you, and where to get started in investing in your privacy engineering skills, so you don’t fall behind.
Dive right in!
...more
46min
September 24, 2024 From PhD to AppSec: How to Bridge the Gap Between Research & Security Tools | Diego Sempreboni
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, I’m joined by Diego Sempreboni, a Senior Application Security Engineer at Pleo. Diego earned his PhD in Computer Science, specializing in security, at King’s College London. After realizing his passion lay in solving real-world problems, he transitioned from academia to product and application security, gaining valuable experience in various fintech companies in the UK.
In this episode, we discuss the key differences between academia and engineering in security and why vendors should focus on creating tools that do less but do it better—tools that actually help to fix problems. We also explore the challenges of automating threat modeling and remediation, and why trust within a company is crucial for AppSec engineers.
And there’s much more! This episode is perfect for anyone weighing the choice between security research and engineering or for newcomers eager to learn more about AppSec!
Dive right in!
...more
43min

FAQs about The Elephant in AppSec:

How many episodes does The Elephant in AppSec have?

The podcast currently has 58 episodes available.