The Application Security Podcast

Chris Romeo and Robert Hurlbut

English Education How To News Tech News Technology

Apple Podcasts Website RSS

Episodes 296

Avg. Duration 37m

Activity Sporadic

Apple Rating ★ 5.0 (36)

Since Sep 2016

Latest Episode Oct 2025

Publishing Details

Schedule

Every 2 Weeks

Format

Episodic

Consistency

56%

Hosting

feeds.buzzsprout.com

About This Podcast

Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.

Podcasting 2.0 Features

person podroll remoteItem

Social Media

X YouTube YouTube

Explore Statistics

English Podcasts Report Education Report How To Report News Report Tech News Report Technology Report English Education Report

Recent Episodes

S12E20 Brad Geesaman - Redefining AppSec with AI: Shrinking Toil, Expanding Impact - How LLMs are able to reduce toil in triage-heavy AppSec workflows

Oct 28, 2025 42m

Brad Geesaman, Principal Security Engineer at Ghost, joins the podcast today to explore how AI and large language models are transforming the world of application security. The discussion starts with…

S12E19 OWASP Candidate Debate - 2025 Edition

Oct 15, 2025 1h 8m

In this special episode of the Application Security Podcast we meet nine of the OWASP Board of Directors candidates. Each candidate discusses their unique qualifications, experiences, and vision for…

S12E18 Francesco Cipollone - Agentic AI Manifesto

Sep 23, 2025 33m

Francesco Cipollone, the CEO of Phoenix Security, shares his extensive experience in AI and security, discussing the crucial difference between true AI agents and glorified chatbots. Learn why…

S12E17 Simon Gibbs & Devika Gibbs -- Building Bridges with Games

Sep 16, 2025 36m

Simon and Devika Gibbs, the innovative minds behind Cybersec Games, join us on the episode today. Discover how the Gibbs duo are revolutionizing the way we teach and learn security concepts through…

S12E16 Akansha Shukla - Modern AppSec: Securing APIs with Threat Modeling and DevSecOps

Sep 02, 2025 35m

Our guest today is Akansha Shukla, an information security professional with over 10 years of experience in application security, DevSecOps, and API security. We’re discussing why API security…

S12E15 Getting Ready for the EU CRA

Aug 20, 2025 40m

The European Union's Cyber Resilience Act is set to revolutionize how we approach product security worldwide. In this episode, we sit down with application security expert Nariman Aga-Tagiyev to…

S12E13 Marisa Fagan - Measuring Security Culture

Aug 05, 2025 50m

Marisa Fagan, Head of Product at Katilyst and veteran security culture expert joins us today to share practical strategies for building and scaling security champions programs that actually work,…

S12E12 Aram Hovsepyan -- Your Security Dashboard is Lying to You: The Science of Metrics

Jul 22, 2025 40m

Aram Hovsepyan joins the podcast today to chat about the misconceptions behind common security metrics. Aram tells us how total vulnerability counts and CVSS scores can be misleading and he…

S12E11 Sean Varga -- OWASP Top 10 for AppSec Sales

Jul 15, 2025 47m

We’re discussing the intersections of application security (AppSec) and sales strategy with our guest, Sean Varga. Sean shares the unique challenges and best practices in AppSec sales, like the…

S12E10 Sarah-Jane Madden -- What AI means for AppSec

Jul 09, 2025 37m

Sarah Jane Madden joins us to discuss the evolving role of AI in software development. We reflect on the changes and challenges posed by AI, including the potential for over-reliance and the…

S12E9 Dag Flachet -- Kaizen for your Appsec Program

Jun 17, 2025 35m

Dag Flachet joins us to discuss the concept of Kaizen and its application in improving application security. Dag shares his journey into the world of security, emphasizing the importance of…

S12E8 Javan Rasokat and Andra Lezza -- When Chatbots Go Rogue - Lessons Learned from Building and Defending LLM Applications

Mar 18, 2025 47m

Andra Lezza and Javan Rasokat discuss the complexities of securing AI and LLM applications. With years of experience in Application Security (AppSec), Andra and Javan share their journey and lessons…

S12E7 Jim Routh -- The CISO Transition to the rest of life

Mar 11, 2025 49m

Former CISO Jim Routh discusses his perspective on retirement and career fulfillment in cybersecurity. Rather than viewing retirement as simply stopping work, Routh describes his three-filter…

S12E6 Henrik Plate -- OWASP Top 10 Open Source Risks

Mar 04, 2025 38m

Henrik Plate joins us to discuss the OWASP Top 10 Open Source Risks, a guide highlighting critical security and operational challenges in using open source dependencies. The list includes risks like…

S12E5 Tanya Janca -- A Secure SDLC from a Developer's Perspective

Feb 26, 2025 48m

Security expert Tanya Janca discusses her new book "Alice and Bob Learn Secure Coding" and shares insights on making security accessible to developers. In this engaging conversation, she explores how…

S12E4 Mehran Koushkebaghi -- Security as a Systemic Concern: How to develop Anti-Requirements

Feb 11, 2025 45m

Mehran Koushkebaghi, a seasoned engineering expert, delves into the intricacies of systemic security. He draws parallels between civil engineering and IT systems, and explains the importance of…

S12E3 Kalyani Pawar -- Shaping AppSec at Startups

Feb 04, 2025 39m

Kalyani Pawar shares critical strategies for integrating security early and effectively in AppSec for startups. She recommends that startups begin focusing on AppSec around the 30-employee mark, with…

S12E2 Milan Williams -- AppSec Metrics

Jan 14, 2025 36m

Milan Williams discusses the importance of application security metrics and how to make them both meaningful and actionable. She explains that metrics are crucial for tracking progress in what can…

S12E1 MO Sadek -- Building an AppSec Program from Scratch

Jan 08, 2025 48m

Mo Sadek shares his unique journey of building an Application Security program from scratch at Roblox. Mo discusses his unconventional path, including temporarily joining the infrastructure team to…

S11E29 Brett Crawley -- Threat Modeling Gameplay with EoP

Dec 10, 2024 45m

Brett Crawley discusses the Elevation of Privilege (EoP) card game, a powerful tool for threat modeling in software development. The discussion explores recent extensions to the game including…

Frequently Asked Questions

How many episodes does The Application Security Podcast have?

The Application Security Podcast has published 296 episodes since September 2016, covering topics in Education, How To.

Is The Application Security Podcast still active?

The Application Security Podcast is currently sporadic with new episodes every 2 weeks. Average episode length is 37m.