Join us for an engaging episode as we welcome James Berthoty, a seasoned cybersecurity professional with a diverse background spanning sysadmin, DevOps, and security engineering roles. James takes us through his journey across different organizations, including his current role at PagerDuty, where he tackles the intricate challenges of FedRAMP compliance. Listen in as James shares insights on the rapid evolution of the Application Security (AppSec) industry, driven by the need for infrastructure...
Jul 28, 2024•46 min•Season 4 Ep. 19
Join us as we explore the evolving application security landscape with Marius Poskus, VP of Glow Financial Services and a seasoned cybersecurity professional. In this episode, we delve into the increasing adoption of open-source code and AI in startup development, examining the potential impacts on code security amid rapid innovation pressures. Marius shares his insights on the cultural shifts required for effective DevSecOps practices, the prolonged timelines for meaningful change, and the disr...
Jul 07, 2024•32 min•Season 4 Ep. 18
Join us in this insightful episode of the Cybersecurity and Cloud Podcast, where host Francesco Cipollone sits down with the pioneer of threat modeling, Adam Shostack. Dive into the intricacies of Application Security Posture Management (ASPM), effective threat modeling practices, and the innovative solutions offered by Phoenix Security. Gain valuable knowledge on how to improve your organization's security posture and stay ahead of evolving threats. Sponsored by Phoenix Security: This episode i...
Jun 16, 2024•33 min•Season 4 Ep. 17
Join us for an in-depth discussion on the challenges and strategies of Application Security Program Management (ASPM) in today's fast-evolving tech landscape. Francesco Cipollone welcomes guest Akira Brand, a seasoned application security engineer and cybersecurity consultant, to explore practical insights into securing applications in the cloud and beyond. We also examine the shift in terminology from AppSec to product security and delve into Akira's unique background in opera singing, which em...
May 27, 2024•33 min•Season 4 Ep. 14
Listen in as we navigate the crucial role of threat modeling in the landscape of application security with our esteemed guest, Irene Michlin, the application security lead at Neo4j. Together, we peel back the layers of integrating a developer's insight into the security process and how it fortifies the software development lifecycle. Irene's journey from coding to consulting paints a vivid picture of the security challenges and triumphs faced in today's agile environments. Sponsored by Phoenix S...
May 26, 2024•38 min•Season 4 Ep. 16
This episode features guest Izar Tarandach, a seasoned security architect with extensive experience in application security, cloud security, and the development of comprehensive security frameworks. Our discussion navigates through the latest trends in application security, the pivotal role of DevSecOps, and the strategic integration of security practices within modern business environments. Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerabili...
Apr 21, 2024•39 min•Season 4 Ep. 14
A dev perspective on application security: Dive deep into the pivotal nexus of cybersecurity, application security, and software development in our latest podcast episode featuring Josh Goldberg, a renowned figure in the TypeScript ecosystem. This episode sheds light on the evolving realm of secure coding practices, acknowledging the progress achieved while recognizing the challenges that lie ahead. Join us as we unravel the nuanced role of artificial intelligence in software development, moving...
Apr 07, 2024•38 min•Season 4 Ep. 13
What does it take to get into application security from pentesting? Will AI replace the role of product security? How do you start an application security program and write a book about it? Join us on the Cybersecurity and Cloud Podcast as we welcome the insightful Raj Umadas, head of InfoSec at Ackblue, for a vibrant discussion on the varied pathways into the field of application security. Listen in as Raj shares his unique journey from networking to the realms of software and hardware design, ...
Mar 24, 2024•38 min•Season 4 Ep. 12
Will AI replace the role of product security? How do you start an application security program and write a book about it? One of the best application security minds, Derek Fisher, is with us today. Join us on a captivating journey as Derek, a mastermind in product security and a prolific author, shares his expertise on setting up a fortified application security program. We start by unraveling the critical first steps, emphasizing the value of understanding your organization's current cybersecurity...
Mar 03, 2024•33 min•Season 4 Ep. 11
Will AI replace the role of product security? This is an enlightening conversation with David Matousek exploring the intersection between automation and product security in application security. Join us on this enlightening journey with David Matousek, as we explore the intriguing world of product security within the cybersecurity realm. Listen in as David, with his wealth of experience transitioning from a technical developer to a product director, unveils the significance of perceiving applica...
Feb 18, 2024•24 min•Season 4 Ep. 10
This is an enlightening conversation with Michael Smith exploring the intersection between vulnerabilities, DDoS and WAF technologies. Join us as we reconvene with cybersecurity virtuoso Michael Smith, Field CTO at Verkara, for a rerecording to further explore the fascinating intersection of cybersecurity and cloud technology. Listen in as Michael brings his wealth of experience from military intelligence to web application development to the table, shedding light on how engineering and integrat...
Feb 04, 2024•39 min•Season 4 Ep. 9
This is an enlightening conversation with Jay Jacobs - Exploring the Future of Vulnerability Management and Data Science. Unlock the secrets of cybersecurity's intricate dance with data science as I, Francesco Cipollone, sit down with tech wizard Jay Jacobs, co-founder of Cyanthia. Prepare to be captivated by Jay's inspiring tech odyssey, from his youthful fascination with computing to his trailblazing efforts in quantifying cyber risk. We navigate his professional voyage, spanning IT, pen testing and ...
Jan 21, 2024•43 min•Season 4 Ep. 8
This is an enlightening conversation with Caleb Sima, a returning guest on the podcast - Bridging Offense and Defense in Cybersecurity and AI Promise for the Future. Join us for the return of an esteemed guest, cybersecurity veteran Caleb Sima, for an engaging conversation on our latest podcast episode. Caleb, known for his significant contributions to application security and executive roles in leading tech companies, shares his profound insights into the ever-changing world of cybersec...
Jan 07, 2024•40 min•Season 4 Ep. 7
Overcoming the Cybersecurity Talent Shortage: Innovation, Culture, and Self-Care with Jitendra Arora. Join us for a transformative discussion with Jitendra Arora, the non-South Europe CISO at Deloitte, as we unravel the narrative around the talent shortage in cybersecurity. Jitendra brings a fresh perspective that emphasizes the need for creativity and open-mindedness in talent sourcing. We dissect the "buy versus build" model, where he advocates for nurturing and developing skills in individuals...
Dec 12, 2023•32 min•Season 4 Ep. 6
Get ready to embark on a captivating journey into application security with our guest, Chris Ghigliotty, Director of Security Engineering at JustWorks. A man of many talents, Chris hails from a background in teaching and writing, which lends him a unique perspective on the importance of communication within the cybersecurity industry. We promise you this isn't your regular security conversation. We are tearing down the walls of complexity, transforming intricate risk language into digestible bus...
Nov 26, 2023•31 min•Season 4 Ep. 5
Christopher Russell is the CISO at tZERO Group, a Mesh Security advisor, and a NightDragon Advisor. He is currently getting a PhD in Cybersecurity with a focus on Blockchain Security at DSU. His military intel background helps him keep cool under even the most stressful work situations. In this episode, Francesco and Chris discuss identity and security in relation to blockchain and digital currency. With decades of experience, Chris has an acute sense of risk and threat. The episode is brought t...
Nov 06, 2023•38 min•Season 4 Ep. 4
Steve Springett is the Director of Product Security at ServiceNow, helping 4,000+ developers build secure and resilient software. He’s a leader of multiple OWASP projects including Dependency-Track, SCVS, and CycloneDX. In this conversation, Steve and Francesco discuss the term SBOM (software bill of materials), the importance of regulations, and the state of the industry. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the powe...
Oct 15, 2023•37 min•Season 4 Ep. 3
Christophe Parisel is a Senior Cloud security architect at Société Générale. He has extensively researched risk vulnerability and native cloud security. He specializes in IaaS, PaaS, and DevSecOps. Two of his major contributions to the Cloud are Azure Firewall and Azure Policy. When asked, he says he is optimistic about the future of Cloud security and is proud of the progress made within the last five years. The episode is brought to you by Phoenix Security; get in control of your vulnerabil...
Oct 01, 2023•33 min•Season 4 Ep. 2
Travis McPeak is a security generalist with over a decade of experience working at several companies including Databricks, Netflix, IBM, HP, and Symantec. He’s the Co-Founder and CEO of Resourcely, whose goal is to create a paved road to secure, efficient, and easy to manage cloud infrastructure. In this conversation, Travis shares his biggest takeaway from working at Netflix, the problem with overusing JIRA, and the importance of making security a shared responsibility between developers and se...
Sep 18, 2023•38 sec•Season 4 Ep. 1
Nathan is the manager of the application security team at Intuit Mailchimp. He has over 7 years of experience in application security working at both startups and Fortune 500 companies. In that time, Nathan has been both an engineer and a leader. His primary focus has been on building out application security programs by implementing scalable processes and efficient methodologies. Nathan holds a Master’s in Digital Forensics and CyberSecurity from John Jay College of Criminal Justice and a Bache...
Jun 11, 2023•41 min•Season 3 Ep. 27
Kevin Davis is Global CTO of AWS at Atos. Kevin has extensive experience in cloud technology, security and solutions and has a proven track record in senior roles at Cloudreach and Atos. In this show, Kevin and Francesco discuss the move to the cloud, challenges in the cloud security pivot and how to leverage the power of the cloud for security controls. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now...
Jun 11, 2023•39 min•Season 3 Ep. 25
Ollie Whitehouse is the founder of BinaryFirefly, a boutique British cyber advisory firm, with a career spanning over 25 years in applied cyber attack and defence. Ollie's portfolio of advisory positions today includes science advisory positions for UK Government as a member of the Science Advisory Councils for the Home Office and Police, Industry 100 within the National Cyber Security Centre and various Non-Executive Directorships. His operational tenures include over ten and a half years at NCC Group...
Mar 06, 2023•46 min•Season 3 Ep. 23
Chris Hughes is a proven cloud/cybersecurity leader with nearly 20 years of experience in the Federal and commercial industries. Chris is an active blogger, passionate about all things cyber and a published author of books like Software Transparency. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the vulnerabilities that matter most and reduce your exposure to modern attacks. See it for yourself. ...
Feb 19, 2023•31 min•Season 3 Ep. 23
Anshuman Bhartiya has been in application security for 14 years and is currently the Principal Security Engineer at Thirty Madison. Today with Francesco, they discuss bug bounty, how security approaches differ at big companies and startups, and the state of the industry. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the vulnerabilities that matter most and reduce your exposure to modern attacks. ...
Feb 05, 2023•37 min•Season 3 Ep. 22
Alex Sidorenko is an experienced risk manager, the host of Risk Awareness Week, and runs a popular blog and YouTube channel called “Risk Academy.” In 2021, Alex was named the Risk Manager of the Year by FERMA for helping save 13 million dollars in insurance premiums. Today, he breaks down the three layers of risk management: basic, standardized, and advanced. He explains that cybersecurity is still at the basic level because industry professionals haven't figured out how to quantify uncertainty ...
Jan 21, 2023•53 min•Season 3 Ep. 23
Lester Chng is a veteran who transferred his military war-gaming skills to the corporate world. After being a Naval Combat Officer with the Singapore Navy for twelve years, he runs security exercise programs for a North American financial institution. Lester prepares high-level executives for worst-case scenario security crises. He explains that exercises help buy time, space, and brain processing power during a crisis. The episode is brought to you by Phoenix Security; get in control of your vu...
Jan 08, 2023•31 min•Season 3 Ep. 20
Amanda Alvarez is the Senior DevSecOps Engineer at Trace3. Francesco and Amanda met online in a Meetup group called “Let’s Talk Software Security!” Today they discuss building an application security program, managing technical debt, and Amanda’s advice for avoiding burnout as a security professional. The episode is brought to you by Phoenix Security Cloud; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the vulnerabilities that matter most and re...
Dec 11, 2022•35 min•Season 3 Ep. 19
Larry Maccherone is a Dev[Sec]Ops Transformation Architect at Contrast Security, working to create a wave of DevSecOps cultural transformation in software development and cybersecurity communities. He previously worked for five years at Comcast, leading their DevSecOps Transformation initiative. When it comes to software, Larry says security and quality are synonymous. He shares his tips and tricks for getting everyone, especially leadership, committed to security. The episode is brought to you by AppSec...
Nov 27, 2022•38 min•Season 3 Ep. 18
Frank Kim is a security consultant, a startup advisor and investor, and a Fellow and Curriculum Director at SANS Institute. He’s been writing curriculum and teaching for SANS for 15 years, sculpting the next generation of CISO leaders and cloud security experts. Today on the podcast, he shares his thoughts on the industry, the gate vs guardrail mentality, and tips for public speaking. The episode is brought to you by AppSec Phoenix Ltd with the Phoenix platform; you can make Vulnerability manage...
Nov 13, 2022•41 min•Season 3 Ep. 17
Dustin Lehr started his career as a software engineer, which piqued his interest in cyber security. He is now the Sr. Director of Platform Security at Fivetran and an innovative cyber security leader online, dedicated to bettering the industry. In this podcast, he discusses how companies can build their security teams with new talent that doesn’t have traditional and technical backgrounds. They also discuss the cost of bad security, relationship building, and security championship programs. The episo...
Oct 30, 2022•43 min•Season 3 Ep. 16