The Elephant in AppSec
Is your organization mature enough for its first AppSec hire?⎢Akira Brand
Today, I'm joined by Akira Brand, the AVP of Application Security at PRA Group. With nearly five years of experience in the security space, Akira has a diverse background, starting as a Developer Relations Engineer and transitioning into an Application Security role.
Passionate about education and Infosec, Akira has established herself as a distinguished public speaker, co-hosting the AppSec Weekly Podcast for several years and sharing her expertise as a cybersecurity instructor at Katilyst.
Akira is also a professional opera singer. You can hear her singing at her Elephant in AppSec conference talk!
In this episode, we discuss the maturity level organizations need to achieve before hiring their first application security engineer, the latest AppSec hiring trends, and her insights on DAST from her time at a DAST vendor organization. We also touch on how early exposure to puzzles helps kids develop problem-solving skills and set the stage for a career in engineering.
Dive right in!
Links to the resources will be available soon!
Views: 27

Videos

Are we overlooking Kubernetes security in the race to deploy applications - Raunaq Arora
Views 6921 days ago
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we’re joined by Raunaq Arora, Lead Application Security Engineer at Chipotle. Raunaq’s journey into security was almost accidental, starting as a developer who quickly developed a knack for breaking and building secure applications. Now, his expertise lies in securing K...
Is it actually realistic to see everyone as the greatest ally in security? - Alina Yakubenko
Views 2921 days ago
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, I’m excited to have Alina Yakubenko on the show. Alina, Senior Application Security Engineer at Toast, Inc and former developer and QA Engineer, is dedicated to empowering developers to integrate security into their everyday practices. Passionate about building a cultu...
Can DevSecOps Maturity Models Fail? The Hidden Gaps in AppSec Programs ⎜Timo Pagel
Views 30, months ago
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, I’m thrilled to welcome a true expert in DevSecOps, Timo Pagel! With over 20 years of experience in security strategy, web development, and DevSecOps architecture, Timo brings a wealth of knowledge to the table. As a freelance consultant and university lecturer, he’s pa...
Mycelium as the Path: How the Fungi Kingdom Guides us To Resilience in Cyber Programs | Akira Brand
Views 25, months ago
Welcome to the Elephant in AppSec, where we explore, challenge, and boldly face the AppSec Elephants in the room. This talk is from the first-ever Elephant in AppSec Conference, held virtually on November 7, 2024, where strong opinions were definitely encouraged. Akira is an AVP in Application Security @ PRA Group. She delights in the dance between security and software development and is on a ...
AI in AppSec: Why we need to prioritize security | Anmol Agarwal
Views 34, months ago
Welcome to the Elephant in AppSec, where we explore, challenge, and boldly face the AppSec Elephants in the room. This talk is from the first-ever Elephant in AppSec Conference, held virtually on November 7, 2024, where strong opinions were definitely encouraged. Dr. Anmol Agarwal is a senior security researcher that specializes in AI security. She works on using AI for security as well as secu...
Most security tools are expensive paperweights: how to get your money's worth | Jeevan Singh
Views 31, months ago
Accountability in application development | Cassie Crossley
Views 16, months ago
A future of security free from CNAPP | James Berthoty
Views 93, months ago
Is PAM dead?! Long live Just-in-time Access! | Ran Ne'man
Views 92, months ago
Panel: Why scaling AppSec is harder than you think | Ariel Shin, Mel Reyes, Alina Yakubenko
Views 25, months ago
Shift left sucks for SWEs: AppSec is a structured data problem | Jacob Salassi
Views 28, months ago
Building a proactive development security culture - can we actually make it work? | Dustin Lehr
Views 35, months ago
We have been doing API security wrong | Tristan Kalos
Views 54, months ago
My mistakes in building an AppSec team | Aravind Sreenivasa
Views 38, months ago
Panel: Can we actually measure the effectiveness of AI in cybersecurity?
Views 76, months ago
Why the 'Secure by Design' pledge won't save us from AppSec failures | Chris Romeo
Views 21, months ago
Our SAST tools have failed us | Munawar Hafiz
Views 20, months ago
The dumpster fire of software supply chain security | Kyle Kelly
Views 155, months ago
Shifting left doesn't mean anything anymore | Tanya Janca
Views 131, months ago
Compliance is overrated | Kim Wuyts
Views 30, months ago
DAST is dead, or is it? | Swan Beaujard
Views 25, months ago
Risk, Product Management, and Supply Chain Security: Is There a Connection? ⎜Jesus Cuadrado
Views 29, months ago
How hard is it to make DevSecOps work in a Hybrid Cloud? ⎜Michael Tayo
Views 45, months ago
Is It Possible to Maximize the Effectiveness of Security Champions? ⎜Magdalena Modric
Views 43, months ago
Hacker Turned Policy Builder: What They Don’t Want You to Know ⎜Patrick Mathieu
Views 149, months ago
Why Is Transforming Company Culture for Product Security So Challenging? ⎜ Ariel Shin
Views 492 months ago
The API Governance Problem: Why Your API Security Is at Risk (And How to Fix It) ⎜Akansha Shukla
Views 4552 months ago
AI Chatbots: Security Disaster or Can We Build Them Securely? ⎜Ante Gojsalic & Benjamin Dulieu
Views 742 months ago
Open Source vs. Commercial Software: The Ultimate Showdown⎜Kyle Kelly
Views 833 months ago

Comments

  • @yettsy 22 days ago

    Great conversation, thanks! 45:12

  • @Ashraf.editzpro 23 days ago

    Check your mail please, waiting for a response

  • @AreUniversalConsciousnessvcv 24 days ago

    Cool

  • @yettsy months ago

    🎉excellent topic covered by Jeevan. Thanks for sharing

  • @denjello months ago

    Transitive vulns can also be patched. It is still a dumpster fire though

  • @logiciananimal months ago

    See also, Orwell, "Politics and the English Language" and Frankfurt, "On Bullshit". On the other side, slightly, Pinker, _The Language Instinct_.

  • @MyDancingirl 4 months ago

    Excellent insight to view issues from the dev perspective 😊

  • @ArchitectsAreMurderGangMafiosi 4 months ago

    Use your own self-written software: IF so, THEN You need never the greatest risk = to update a software from a foreigner

  • @tonydpala773 7 months ago

    Yeah Swan, yeah, represent Normandy and Picardy, yeaaaaah! 🏆

  • @annmariecastine5124 8 months ago

    ✔️ "promosm"

  • @DominusEstOK 9 months ago

    A fantastic talk here. I love that James comes to some of the same decisions I have but from a different frame. Great interview and really enjoyed.

  • @anmolspeaker 10 months ago

    Thanks for having me on the show!

  • @deookello3825 10 months ago

    I enjoyed the conversation and it kept me invested the whole time

  • @MyDancingirl 11 months ago

    Dropping gems 💎 22:09 this is amazing

  • @chfstudio 11 months ago

    Wow! Another amazing episode!!!

  • @MyDancingirl a year ago

    Great interview 25:04

  • @chfstudio a year ago

    Awesome content! Derek is always perfect! Thank you for this episode

  • @MyDancingirl a year ago

    Great insight! 27:00 to 34:02 dropping gems 💎

  • @gurjotkheeva130 a year ago

    Jeevan is a true leader and an inspiration in the security space!

  • @Gitty-up a year ago

    Excellent interview 20:11