
The Elephant in AppSec

Latest episode

Available episodes

5 of 65
  • AI Security: Do You Need a Dedicated Vendor? | Insights with James Berthoty
    Welcome to Season 4 of The Elephant in AppSec! Get ready for a season packed with even spicier takes! Today's episode features none other than James Berthoty, a security engineer turned founder and CEO of Latio. James is always ready to share his unfiltered opinions, and I've had the pleasure of chatting with him for the last couple of years. Over the past few months there have been a lot of discussions around AI security, and I invited him on the show before his new report even hit the public to discuss his thoughts on this very hot topic. In today's conversation, James unpacks why we're seeing an executive push for AI solutions, and why practitioners should proceed with caution. He also shares why most people probably don't need an AI security vendor, and some stories about the pushback he received after publishing his report. Plus, we talk about why we, as an industry, need to stay grounded in our approach to AI in security. Dive right in!
    --------  
    45:43
  • Why AppSec isn’t just for tech — Surprising Insights ⎜ Olga Dzięgielewska
    Today, I'm joined by Olga Dzięgielewska, Senior Manager of InfoSec Application Security at Philip Morris International. With over 10 years of experience in secure code reviews, a PhD in IT Security, and now leading global AppSec teams, Olga specializes in secure development practices, IT assurance, ethical hacking, API security and SAP security, driving security initiatives across multiple international locations. In this episode, we tackle common misconceptions about application security and explore the unique challenges faced by the manufacturing sector compared to tech companies. We also discuss how to ensure a seamless digital transformation, the role of cultural differences in communication and decision-making, and, of course, the ever-present issue of supply chain security. Dive right in!
    Connect with Olga: https://www.linkedin.com/in/olusia/
    Connect with Alexandra: https://www.linkedin.com/in/alexandra-charikova/
    This podcast is brought to you by Escape: https://escape.tech — Modern DAST built to test for business logic instead of missing headers
    --------  
    39:23
  • Are Traditional WAFs Dead? The Impact of OpenAPI Specs on Web Security with Nathan Byrd
    Today, I'm joined by Nathan Byrd, a Principal AppSec Architect at Applied Systems. Nathan's journey is truly unique: before joining Applied Systems, he spent an impressive 24 years at Mastercard, where he rose from software engineer to Principal AppSec Architect. That's the longest tenure we've seen from anyone on the podcast! Nathan is passionate about building things, whether it's his early days as an internet fan, building projects with the Raspberry Pi Pico, or more recently creating OAShield (pronounced "away shield"). This open-source project generates WAF config files from OpenAPI specs, which we dive into during today's conversation. We explore whether traditional WAFs are becoming obsolete in the age of OpenAPI specs, how to keep those specs accurate, and why adopting a top-down approach to API specifications is key to enhancing security. Nathan also provides valuable advice for aspiring developers passionate about security and explains how he believes AI will play a transformative role in shaping the future of AppSec. Dive right in!
    --------  
    40:45
  • Finding AppSec tools that developers love — is it possible? with Linda Fay
    Today I'm joined by Linda Fay, a seasoned leader in Application Security with over 13 years of experience. She has led large-scale security programs, most recently as Director of Product Security Engineering, where she secured thousands of applications and delivered major cost savings. Now working as an independent consultant, she helps organizations improve their AppSec posture and explore the intersection of AI and security. Linda also leads the OWASP Nashville chapter and is deeply involved with WiCyS, mentoring the next generation of women in cybersecurity. In this episode, we dive into whether it's possible to find AppSec tools that developers actually like, regardless of their acronyms, and how the rapid rise of AI is reshaping security tooling. Linda also shares her experience justifying security budgets in the absence of compliance mandates, and how she managed to save over $600K annually by streamlining AppSec tools. Dive right in!
    Connect with Linda: https://www.linkedin.com/in/faylinda/
    Connect with Alexandra: https://www.linkedin.com/in/alexandra-charikova/
    This podcast is brought to you by Escape: https://escape.tech — Modern DAST built to test for business logic instead of missing headers
    --------  
    32:05
  • What Most Security Teams Miss: An Engineering Manager’s Take on AppSec with Desmond Lamptey
    Today's episode is a special one. I'm joined by Desmond Lamptey, a Software Engineering Manager at a large financial organization. I first came across Desmond during his talk on API Security at APIDays Paris, and honestly, it was one of the best talks I've seen: not only because of the insights, but also the dad jokes. That talk made me curious: what drives a seasoned engineer like Desmond to speak about security with such passion? And more importantly, what does he think security teams get wrong when it comes to their collaboration with teams like his? With over a decade of technical experience and a Certified Ethical Hacker certification under his belt, Desmond regularly shares his knowledge through public speaking and brings a unique developer's perspective to security. In this episode, we dive into his path to becoming a security champion, the challenges of engaging developers in security conversations, why he'd change the way security teams label vulnerabilities for developers, and how gamifying security education can help close the gap between devs and security teams. Dive right in!
    --------  
    39:36


About The Elephant in AppSec

Time to discuss AppSec issues no one talks about.
Podcast website

v7.20.2 | © 2007-2025 radio.de GmbH
Generated: 7/12/2025 - 6:14:50 PM