Let's Talk Security Testing
Ben Armstrong, Thomas Ballin
About This Podcast
Your hosts, cyber tech founders Ben Armstrong and Thomas Ballin, have been increasingly frustrated with security testing's archaic approach. So they set about solving the problems they encountered themselves and created the Cytix platform.
In the same spirit, they're bottling these thoughts, experiences and anecdotes into honest and transparent 30-minute sessions to open up the discussions with you.
Let's Talk Security Testing is a podcast to challenge norms in cyber security testing for industry thought leaders ready to take on a new approach.
Recent Episodes
S4E3 What the hell happened to PTaaS?
In this episode of Let’s Talk Security Testing, we revisit PTaaS (Pen Testing as a Service) — a buzzword that never quite settled on a definition. Was it just pen testing with a portal? Continuous…
S4E2 Did Anthropic Just Solve AppSec?
Anthropic recently announced a new code analysis capability that’s sparked a lot of discussion across the AppSec community. In this episode of Let’s Talk Security Testing, we break down what the…
S4E1 The AppSec Reality Check with NCC Group
AI is reshaping how software is built. But is it reshaping how it’s secured? In this episode, we’re joined by NCC Group to explore what’s really happening across the AppSec landscape. From AI adoption…
S3E11 The Reality of Agentic Application Security
Agentic AI is the latest shift in application security, but how much of it is delivering real results? In this episode, we break down: - What “agentic” really means in AppSec - Where agentic…
S3E10 Is AI Pentesting Just DAST in Disguise?
Is AI Pentesting Just DAST in Disguise? 🤖💥 Everyone’s talking about AI-powered pentesting - but is it actually useful, or just dressed-up DAST? In this episode, we dig into: - What AI tools really test…
S3E9 Does CAB Still Belong in Modern DevSecOps?
In Season 2, Episode 9, we ask a big question: does the Change Advisory Board (CAB) still have a place in today’s fast-moving DevSecOps world? Traditionally seen as a gatekeeper for risk, CABs are…
S3E8 Is Vibe Coding a Developer Superpower or a Security Risk?
In Season 2, Episode 8, we throw planning out the window and build a web app purely on vibes. No specs, no structure, just straight-up code. Then, we do what any responsible team would do... we try…
S3E7 Who Wins at Threat Modelling: AI or a Real Hacker?
In Season 2, Episode 7, we put human intuition to the test against machine precision. As AI tools become more embedded in secure design workflows, we ask the big question: can AI threat model as well…
S3E6 Can AI Replace Pentesters?
In Episode 6, Season 2, we unpack the explosive growth of AI and ask the critical question: could AI ever replace human pentesters? Subscribe to keep up to date with all new episodes, released every 2…
S3E5 Hack it or Track it: The Hunt for Cyber Vulnerabilities
In Episode 5, Season 2, we dive into vulnerabilities and their detection methods, from automated scanners to human-led pen testing. Plus, we put our skills to the test in Hack it or Track it, where…
S3E4 Micro Pen-Testing: When Less is More in Cybersecurity
In episode 4 season 2, explore the innovative world of Micro Pen-Tests - a targeted, bite-sized approach to security testing that stems from threat modelling and development changes. Subscribe to keep…
S3E3 Breaking Down Threat Modelling in Security Testing: A New Cybersecurity Essential
In episode 3 season 2, explore the power of Threat Modelling in security testing and how it helps organisations predict, identify, and mitigate cyber risks before they become real threats. Subscribe…
S3E2 What Security Can Learn From Quality Control
In episode 2, season 2 of Let's Talk Security Testing, we continue the conversation on the widely debated topic of 'what can security learn from quality control'. Subscribe to keep up to date with…
S3E1 Enhancing Pentesting Effectiveness with Jira Tickets
In episode 1 of season 2, explore techniques for using Jira tickets to enhance the effectiveness of your pentesting efforts, meaning you can threat model your change tickets and prioritise your…
S2E13 Vulnerability Deep Dive: Access Control Issues
In the second of the Let's Talk Security Testing vulnerability deep dive episodes, Ben and Tom explore access control issues. They explore:
- What are access control issues & practical examples
- How…
S2E12 Depth vs Coverage in Security Testing
Has the cyber security industry been ... lying to us? Do scanners provide the coverage whilst penetration tests provide the depth? Ben and Tom peel back the lid on this narrative to see if this is…
S2E11 Vulnerability Deep Dive: Business Logic Flaws
In this first-of-its-type episode of Let's Talk Security Testing, Ben and Tom exclusively dive into the vulnerability, business logic flaws. They discuss:
- How business logic flaws are created
- Where…
S2E10 How to Build an Internal Security Testing Team
Tom and Ben discuss:
- Determining the need for an internal pentesting team
- Setting up the team
- Key processes that lead to success
S2E9 Where Do Vulnerabilities Come From?
Ben and Tom discuss:
- The 3 primary sources of vulnerability creation
- A comparison of defensive cyber security approaches
- Challenges of root cause analysis
S2E8 Why Context Matters In Security Testing
Join Ben and Tom in discussing:
- What do we mean by context in security testing?
- The reality of context in security testing
- Barriers to achieving context in security testing and how to overcome them
Frequently Asked Questions
Let's Talk Security Testing has published 34 episodes since December 2023, covering topics in Technology.
Let's Talk Security Testing is currently active with new episodes every 2 weeks. Average episode length is 26m.