Secrets of AppSec Champions

Chris Lindsey · mend.io
Join host Chris Lindsey as he digs into the world of Application Security with experts from leading enterprises. Each episode is theme-based, so it's more conversational and topic-based instead of the general interview style. Our focus is growing your knowledge, providing useful tips and advice. With Chris' development background of 35 years, 15+ years of secure coding and 3+ years running an application security program for a large enterprise, the conversations will be deep and provide a lot of good takeaways that you can use almost immediately.

Episodes

Building Security Programs That Actually Scale – with Bonnie Viteri | Secrets of AppSec Champions 🎙️

Building great security programs takes more than checklists and best practices—it takes vision, collaboration, and adaptability. In this episode, Bonnie Viteri, Principal Technical Security Engineer at Yahoo, shares how to build scalable, resilient programs that evolve, survive leadership turnover, and actually provide value to the business. 🔔 Subscribe for more practical AppSec insights: https://www.youtube.com/channel/UCLgzXoXJ-TGO-y7Eh9quDUQ?sub_confirmation=1 Chapters: 00:00 – Start with th...

Jul 31, 2025 · 31 min · Ep. 15

Risk Mitigation and Cybersecurity Strategy with Samuel Brown | Secrets of AppSec Champions Podcast🎙️

As cyber threats evolve, so must the strategies to prevent them. In this episode, Samuel Brown—CEO of PacketX and retired U.S. Army CW4—shares mission-critical insights on risk mitigation, layered security, and why backups and plans on paper aren't enough. From ransomware recovery to real-world network defense, this conversation is packed with hard-earned lessons for AppSec professionals and business leaders alike. 🔔 Subscribe for real-world insights and actionable AppSec stories: https://www.y...

Jul 17, 2025 · 32 min · Ep. 14

From Developer to Cybersecurity Without Certs – Ed Urbasius' Story | Secrets of AppSec Champions 🎙️

As the cybersecurity industry grows, more professionals are breaking into security from nontraditional backgrounds. In this episode, Edvinous Urbasius, a former developer turned cybersecurity consultant, shares his unfiltered story of how he got into the field without certifications—and what he learned on the job in a SOC. 🔔 Subscribe for real-world insights and actionable AppSec stories: https://www.youtube.com/channel/UCLgzXoXJ-TGO-y7Eh9quDUQ?sub_confirmation=1 Chapters: 00:00 You Don’t Need ...

Jul 03, 2025 · 31 min · Ep. 13

The Truth Behind Successful Security Operations Centers (SOC)

In this eye-opening episode, Reanna Schultz, an experienced Security Operations Center (SOC) team leader, pulls back the curtain on what makes a modern SOC truly effective. Drawing from her six-year journey through various cybersecurity roles, she reveals how SOCs serve as an organization's first line of defense against cyber threats. The discussion covers essential insights on building a SOC from scratch, the value of managed security service providers (MSSPs), and how AI is reshaping the threa...

Feb 04, 2025 · 34 min · Ep. 12

Supply Chain Security with Cassie Crossley

In Episode 11 of Secrets of AppSec Champions, Chris Lindsey and Cassie Crossley delve into the intricate world of supply chain security. Cassie Crossley, Vice President of Supply Chain Security at Schneider Electric, brings her extensive experience in software development and security to the fore, emphasizing the importance of following secure development practices. She advocates for the separation of build and development environments to avoid outdated methods and stresses the significance of m...

Jan 07, 2025 · 36 min · Ep. 11

Bounty Programs with Michael Vance

In this episode of "Secrets of AppSec Champions," host Chris Lindsey engages with Michael Vance, the CISO at Navient, to explore the nuances of bounty programs and their integration with traditional penetration testing. Michael discusses the journey of transitioning from a managed vulnerability disclosure program (VDP) to a full-scale bug bounty program. He highlights the importance of establishing clear policies and scopes for these programs to ensure effective and safe collaboration with exter...

Nov 26, 2024 · 24 min · Ep. 10

Auditing Your Security Program

In this episode of "Secrets of AppSec Champions," titled "Auditing Your Security Program," host Chris Lindsey converses with Roddy Bergeron, a cybersecurity fellow at SherWeb. They tackle several pressing topics in the realm of cybersecurity auditing, starting with the financial repercussions of poor data management. A friend's experience underscores the importance of sending condensed data rather than raw data to avoid increased cloud storage costs. This leads to a broader discussion about data...

Nov 12, 2024 · 31 min · Ep. 9

Penetration Testing - Nathaniel Shere

In Episode 07 of Secrets of AppSec Champions, PenTesting with Nat Shere, Chris Lindsey hosts seasoned penetration tester Nathaniel Shere, who currently serves as the Technical Services Director at Craft Compliance. Nathaniel shares his journey into penetration testing, starting from his master's in cybersecurity and leading to over a decade of experience in the field. The duo delves into the pressing issues within the security industry, such as the high levels of stress, the pressure to remain u...

Oct 29, 2024 · 35 min · Ep. 8

Working with your CISO - Yaron Levi

Welcome to Episode 06 of "Secrets of AppSec Champions," titled "Working With Your CISO," featuring host Chris Lindsey and guest Yaron Levi, the Chief Information Security Officer (CISO) at Dolby Labs. In this episode, Yaron Levi, with over 15 years of experience in various security functions, provides insights into the multifaceted role of a CISO. He discusses the relatively young profession, highlighting its diverse structures and responsibilities which include enabling businesses while managin...

Oct 15, 2024 · 36 min · Ep. 7

Moving from Reactive to Proactive in your Application Security Program

In the episode "Reactive to Proactive" of the podcast Secrets of AppSec Champions, host Chris Lindsey engages with Shashank Balasubramanian, the Head of Application Security at Tripadvisor. Shashank has been managing the application security program at Tripadvisor for over four years, during which he has overseen the transition from a reactive to a proactive security approach. The conversation delves into the distinct characteristics of reactive vs. proactive security programs, highlighting the ...

Oct 01, 2024 · 28 min · Ep. 6

Security Champions: Securing your Business

In this episode of "Secrets of AppSec Champions" titled "Security Champions," host Chris Lindsey engages with Jigar Shah, an executive global director in the IT identity, access, and application security space, to explore the critical importance of cybersecurity in our increasingly digital and interconnected world. The episode underscores the heightened awareness of security issues among both technical and non-technical individuals. Jigar emphasizes the necessity of ingraining a robust security ...

Sep 17, 2024 · 39 min · Ep. 5

Compromised and Reactive to Proactive Approaches

In Episode 03 of the Secrets of AppSec Champions podcast, titled "Compromised: Proactive to Reactive," host Chris Lindsey and guest Phil Guimond tackle the critical distinctions between proactive and reactive security strategies. They emphasize the importance of access logging and visibility in detecting compromises early, pointing out how changes in access logs can signal potential threats. They stress the necessity of implementing secure, tamper-proof log storage and discuss automation solutions l...

Sep 03, 2024 · 40 min · Ep. 4

Maturing your AppSec Program - Moving beyond the basics

In this episode of Secrets of AppSec Champions, host Chris Lindsey and guest Toby Jackson dive into the strategies and best practices for maturing an application security (AppSec) program. Toby underscores the necessity of validating video messages, with the same rigor applied to emails and texts, to mitigate security threats. Emphasizing the growing menace of SIM card hijacking and SMS interception, both experts advocate for regular reviews of security processes and procedures. They also stress...

Aug 20, 2024 · 37 min · Ep. 3

Your First 90 Days in a New AppSec Role

📋 Show Notes: Secrets of AppSec Champions: Laying the Foundation of Application Security. In the inaugural episode of the multi-part series 'Decoding Application Security,' host Chris Lindsey and guest Anthony Israel-Davis, Product Security Manager at Fortra, dive into the fundamentals of building a successful application security program for large teams. They discuss essential first steps when starting at a new company, the importance of understanding the company culture, and the critical role o...

Jul 31, 2024 · 48 min · Ep. 2

Trailer

Jul 28, 2024 · 1 min · Ep. 1
Hosted on Transistor