All Episodes

The Lethal Trifecta or why your AI agent knows too much - Jason Fernandes

25 years of the same problem in Application Security - Sam Stepanyan

Should security belong in every AI strategy meeting? with Amol Deshpande

What Mindset Shift Developers Need to Break Into Security? with Aleksandra Kornecka

Is the AI–API interaction the biggest security blind spot? with Gowtham Sundar

What best drives the adoption of secure software practices? with Enrique Larios Vargas

Why AppSec Needs More Than Just a Checkbox ⎢ Marcos Vinicius Cassel

The Supply Chain Crisis We Created: How AI, Extensions, and Dependencies Became the New Attack Surface with Aamiruddin Syed

Why AppSec Is breaking: Vibe Coding, DevSecOps backlogs & the new OWASP Top 10 (with Tanya Janca)

Secure by Design: Who’s Really Responsible? with Abhijeth Dugginapeddi

The Pressure of Security Leadership: What SLAs Actually Work? with Terry O'Daniel

Can We Make AI Agents Smarter Than Security Teams? with Anshuman Bhartiya

Why DevSecOps isn't enough without deep cloud context with Anjali Singh Shukla

Decoding a Healthy Security Program: What Does "Healthy" Even Mean? with Maxwell Zhou

Why SAP Security Can be a Hidden Weakness for Enterprises with Oumaima Baira

Latin America’s AppSec Culture: What’s Lost (and Found) in Translation?

OWASP SAMM vs BSIMM: Which Maturity Model Reigns Supreme?

Security Culture: When Are We Really Creating Change? with Marisa Fagan

Security Wins Only When Institutionalized – Here’s Why!⎜Kevan Bard

Why Your Security Program Might Be Failing Before It Even Starts with Sean Finley

The Future of Pentesting: Can AI Replace Human Expertise?

How to Fix the Lack of Clear Guidance in Building Effective Security Programs | Luís Fontes

AI Security: Do You Need a Dedicated Vendor? | Insights with James Berthoty

Why AppSec isn’t just for tech — Surprising Insights ⎜ Olga Dzięgielewska

Are Traditional WAFs Dead? The Impact of OpenAPI Specs on Web Security with Nathan Byrd

Finding AppSec tools that developers love — is it possible? with Linda Fay

What Most Security Teams Miss: An Engineering Manager’s Take on AppSec with Desmond Lamptey

Compliance in Cyber: Can Regulation and Innovation coexist?⎜Chris Hughes

The Future of Product Security: Quality Engineering or something more? with Michael Novack

Should We Fix All Bad Code? with Eitan Worcel

AI, Speed, and Startup Chaos: Is ‘Minimum Viable Security’ the Fix? ⎜ Kalyani Pawar

Security IDE Plugins: Can They Really Boost Your Coding Security? ⎜Jamie Scott

DAST Tools: Can We Change the AppSec Community Perception? with Chris Lindsey

Secure Coding — Can we make it happen? with Tanya Janca

How Psychology Really Shapes AppSec Wins & Fails ⎢ Curtis Koenig

The Open Source Security Crisis: Is Trust the Weakest Link in Supply Chain? with François Proulx

Are we truly managing Third-Party risks, or just playing security theater? ⎢Rachel Curran

Hyped or Helpful? The Truth About Reachability & Developer Buy-In ⎢ Nir Valtman

DevSecOps vs. Reality: What You REALLY Need to Succeed!

Unpacking Opengrep—A Deep Dive with Its Backing Teams

Is There a Secret to Mastering Threat Modeling at Scale? Ashwini Siddhi (GoDaddy)

Can You Really Quantify AppSec ROI? Here’s the Truth! ⎜Irfaan Santoe

How to Fix API Security Before It’s Too Late ⎜ Confidence Staveley

The Untold Benefits of Continuous Threat Modeling You Didn’t Know About ⎜Izar Tarandach

What does “collaborate with engineering” actually mean in AppSec? ⎜Koen Hendrix (Zendesk)

Is your organization mature enough for its first AppSec hire?⎢Akira Brand

Are we overlooking Kubernetes security in the race to deploy applications - Raunaq Arora

Is it actually realistic to see everyone as the greatest ally in security? - Alina Yakubenko

Can DevSecOps Maturity Models Fail? The Hidden Gaps in AppSec Programs ⎜Timo Pagel

Risk, Product Management, and Supply Chain Security: Is There a Connection? ⎜Jesus Cuadrado

How hard is it to make DevSecOps work in a Hybrid Cloud? ⎜Michael Tayo

Is It Possible to Maximize the Effectiveness of Security Champions? ⎜ Magdalena Modric

Hacker Turned Policy Builder: What They Don’t Want You to Know

Why Is Transforming Company Culture for Product Security So Challenging? ⎜ Ariel Shin

The API Governance Problem: Why Your API Security Is at Risk (And How to Fix It) ⎜Akansha Shukla

AI Chatbots: Security Disaster or Can We Build Them Securely? ⎜Ante Gojsalic & Benjamin Dulieu

Open Source vs. Commercial Software: The Ultimate Showdown⎜Kyle Kelly

Privacy vs. Application Security: Can They Truly Coexist? | Kim Wuyts

From PhD to AppSec: How to Bridge the Gap Between Research & Security Tools | Diego Sempreboni

AppSec for Startups: Critical or Overlooked? | Rob Picard

What are the risks associated with open source? | Kaiwen Jiang

Season 2 The Elephant in AppSec Podcast Trailer

AI Security - How hard is it to develop secure AI? ⎪Rob van der Veer

We Don’t Let the Bad Guys Win: Is It Possible with All Third-Party Apps in Oil & Gas? ⎜Catharina "DD" Budiharto

Why “shift-left” isn’t good enough ⎪Chris Romeo

What are the Non-Human Identity challenges? ⎪Andrew Wilder and Amir Shaked

API Security: Are Vendors Just Blowing Smoke? ⎪David Homoney

The Truth About Software Supply Chain Risks ⎪Cassie Crossley

How secure are your digital wallets? ⎪Max Imbiel (Bitpanda)

How security research can earn you $20m in tokens ⎪Swan Beaujard

Securing cloud native applications: how hard is it? ⎪Mihir Shah

Are custom security tests a product security superpower? ⎜Keshav Malik (LinkedIn)

The art and science of product security ⎥Jacob Salassi (Snowflake)

Security Consultant vs. In-House Engineer: The Showdown⎜Ric Campo

Developers and security training: can they co-exist?⎜Laura Bell Main

Adversarial machine learning: what is it and are we ready? ⎜Anmol Agarwal

AppSec vendors and CISOs: a love - hate relationship? ⎜Olivia Rose

Pentesting: What are the actual benefits?⎥Harsh Modi

Security champion program: A must or completely useless? ⎥Dustin Lehr

Is Gen AI your new AppSec weapon?

Security training: Necessary investment or overrated expense?⎥Mel Reyes

What is ASPM: A breakdown of the current state and its future

SCADA systems: How secure are the systems running our infrastructure? ⎥Malav Vyas

Threat modeling: the future of cybersecurity or another buzzword⎥Derek Fisher

Security experience: top-down vs bottom-up⎥Jeevan Singh (Rippling, Twilio)

Lack of effective DAST tools⎥Aleksandr Krasnov (Meta, Thinkific, Dropbox)

The Elephant in AppSec Podcast Trailer | Escape