Good day, friends. The Application Security PodCast has reached the conclusion of our first season. With the help of many friends, we were able to record 18 episodes. We’ve done something a bit different for this final episode of season 1. Our producer, Daniel Romeo, has collected some of our favorite clips from this season, the things that really stood out to us. Enjoy, and we look forward to the release of season 2 in a few months.
Greetings all! We have a treat for you this episode. Robert and I are joined by the crew from the Down the Security Rabbit Hole Podcast. This includes Rafal Los (@wh1t3rabbit), James Jardine (@jardinesoftware), and Michael Santarcangelo (@catalyst). This is a special conversation for me, because the AppSec PodCast was born from the first interview I did with #DtSR. I was featured on DtSR Episode 204 in July 2016 after a friend suggested me to Raf on Twitter. (Thanks Nigel!) The DtSR episode was entitled “On Changing Culture”. I had listened to these guys on and off for years, and now had the chance to be interviewed by them. The experience pushed me to start this PodCast, and here we are 17 episodes later.
In this conversation we answer the question “What Makes a Good Security Consultant?” We quickly admit that a consultant does not have to mean someone who charges by the hour for security. These guys have a wealth of knowledge and experience on the topic, and I know that you’ll walk away with multiple ideas to apply. Enjoy!
On this episode, Robert and I are joined by Adam Shostack (@adamshostack). Adam is a well-known speaker and thought leader in the world of application security. We speak with Adam about how to connect with development teams. This all started about a year ago, when Adam tackled the issue of “thinking like a hacker” and why he wanted people to think differently. We dive deep into this issue, but many other interesting nuggets also fall out in conversation.
Today we talk to Jon McCoy (@thejonmccoy), a developer turned security person. He’s been helping developers learn more about security. We talk about reverse engineering malware and .NET security, as well as a bit about the security community and the reverse-engineering mindset.
For this episode, we bring you a recorded version of Chris’s security conference talk from 2016. The talk is entitled “AppSec Awareness, A Blue Print for Security Culture Change”. He covers the problem space (why we need application security), how to create a sustainable security culture, and introduces the idea of Application Security Awareness. Chris had the luxury of building such a program while at Cisco, and shares his experiences with the community.
There are slides available to correspond with this talk. They aren’t required, but some may want to follow along. Check out https://speakerdeck.com/edgeroute to get a copy.
On this episode, Robert and I are joined by Tracy Maleeff. Tracy is an InfoSec enthusiast with an MLIS degree. She has mad research and organizational skills. She co-hosts the PVCSec podcast. You can find Tracy on Twitter @InfoSecSherpa.
Tracy is in the midst of a career transition. She began her career in Library Sciences, and is currently making the move into Information Security. We discussed the challenges of transition, how to network and connect, a process for transition, and three actionable things for those that want to make a transition. Enjoy!
On this episode, Robert interviews Chris about security community. Chris talks about the experiences he’s had building security community at a large organization for 5+ years. Robert keeps pushing Chris to make this applicable for small companies as well. You’ll hear best practices for how you can build security community in your org, including monthly training sessions, lunch and learns, and even an internal security conference. Chris also offers the profound statement that “everyone eats lunch”.
We are joined by Deidre Diamond, Founder and CEO of @cyber_sn and the Founder of @brain_babe. We discuss employment in the world of application security. We also dive deep into soft skills, exploring why they are foundational in the workforce. Deidre explains the benefits of win-win conversation, how words and common language connect, and how to have fun, compassion, love, integrity and productivity all in one at work.
This is the mid-point of our first season of the AppSec Podcast. We’ll take next week off, and then come back with nine more episodes that drive us to the end of Season 1. Stay tuned!
This is our third interview from ISC2 Security Congress. We are joined by Tony UcedaVelez, or TonyUV, founder and CEO of VerSprite – a global security consulting firm based in Atlanta, GA. Tony leads the OWASP Atlanta Chapter and BSides Atlanta.
This is a deep dive into Tony’s experience with threat modeling. We explore the PASTA (Process for Attack Simulation and Threat Analysis) methodology he created.
This is our second interview from ISC2 Security Congress. We are joined by Glenn Leifheit (@), an InfoSec and Development Evangelist at Microsoft. Microsoft is the grandparent to almost every secure development lifecycle across the industry.
This is an in-depth discussion about how to actually do SDL. Glenn shares some things during this conversation that I’ve never heard in public before about the internals of Microsoft’s SDL process. You will take something away from this conversation that you can apply to your program.