Eptura’s Sean Finley on Building Risk-Based Application Security Programs episode artwork

EPISODE · Jan 28, 2025 · 26 MIN

Eptura’s Sean Finley on Building Risk-Based Application Security Programs

from Ahead of the Breach · host Sprocket

What if vulnerability management was less about filling backlogs with findings and more about strategic risk reduction? Sean Finley, Director of Application & Product Security at Eptura, brings a refreshing perspective to application security to his conversation with Casey on this episode of Ahead of the Breach.  Shaped by years of experience as both a software analyst and security leader, his approach challenges the traditional "dump truck of data" mentality, instead advocating for thoughtful prioritization and strong stakeholder partnerships. From building bridges with development teams to making the case for security investments to business leaders, Sean shares practical wisdom for creating AppSec programs that truly serve organizational goals while keeping risks in check. Topics discussed: Understanding the limitations of traditional vulnerability management and why flooding backlogs with findings doesn't equate to effective security. Building strategic partnerships with business stakeholders to ensure security efforts align with organizational priorities and risk tolerance. Integrating security tools seamlessly into developer workflows to reduce friction and increase adoption across engineering teams. Advocating for security considerations during the design phase to prevent costly fixes and potential data breaches later. Managing the delicate balance between development speed and security requirements in modern Agile environments. Creating effective risk-based approaches to vulnerability prioritization based on business context and threat intelligence. Developing strategies for earning developer trust and respect while educating teams about security concepts and threats. Implementing repeatable security processes that work across different release cadences, from quarterly to daily deployments. Building quality assurance into the software development lifecycle through consistent security testing and validation. Fostering a collaborative security culture that emphasizes enablement rather than obstruction or purely compliance-driven approaches.

What if vulnerability management was less about filling backlogs with findings and more about strategic risk reduction? Sean Finley, Director of Application & Product Security at Eptura, brings a refreshing perspective to application security to his conversation with Casey on this episode of Ahead of the Breach. Shaped by years of experience as both a software analyst and security leader, his approach challenges the traditional ”dump truck of data” mentality, instead advocating for thoughtful prioritization and strong stakeholder partnerships. From building bridges with development teams to making the case for security investments to business leaders, Sean shares practical wisdom for creating AppSec programs that truly serve organizational goals while keeping risks in check. Topics discussed: - Understanding the limitations of traditional vulnerability management and why flooding backlogs with findings doesn’t equate to effective security. - Building strategic partnerships with business stakeholders to ensure security efforts align with organizational priorities and risk tolerance. - Integrating security tools seamlessly into developer workflows to reduce friction and increase adoption across engineering teams. - Advocating for security considerations during the design phase to prevent costly fixes and potential data breaches later. - Managing the delicate balance between development speed and security requirements in modern Agile environments. - Creating effective risk-based approaches to vulnerability prioritization based on business context and threat intelligence. - Developing strategies for earning developer trust and respect while educating teams about security concepts and threats. - Implementing repeatable security processes that work across different release cadences, from quarterly to daily deployments. - Building quality assurance into the software development lifecycle through consistent security testing and validation. - Fostering a collaborative security culture that emphasizes enablement rather than obstruction or purely compliance-driven approaches.

NOW PLAYING

Eptura’s Sean Finley on Building Risk-Based Application Security Programs

0:00 26:27

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Ahead of the Breach?

This episode is 26 minutes long.

When was this Ahead of the Breach episode published?

This episode was published on January 28, 2025.

What is this episode about?

What if vulnerability management was less about filling backlogs with findings and more about strategic risk reduction? Sean Finley, Director of Application & Product Security at Eptura, brings a refreshing perspective to application security to his...

Can I download this Ahead of the Breach episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!