Let's Talk Security Testing

Hosted by Ben Armstrong, Thomas Ballin

Technology · Interviews guests

Episodes: 34
Latest episode: Mar 2026
Language: EN

About the show

Your hosts, cyber tech founders Ben Armstrong and Thomas Ballin, have been increasingly frustrated with security testing's archaic approach. So they set about solving the problems they encountered themselves and created the Cytix platform. In the same spirit, they're bottling these thoughts, experiences and anecdotes into honest and transparent 30-minute sessions to open up the discussions with you. Let's Talk Security Testing is a podcast to challenge norms in cyber security testing for industry thought leaders ready to take on a new approach.

Listen to episodes

34 recent
March 30, 2026 · 17 min

What the hell happened to PTaaS?

In this episode of Let’s Talk Security Testing, we revisit PTaaS (Pen Testing as a Service) — a buzzword that never quite settled on a definition. Was it just pen testing with a portal? Continuous testing? Cheaper delivery? We break down what PTaaS was meant to be, how it evolved, and why it seems to have faded, without ever being clearly defined.

March 16, 2026 · 35 min

Did Anthropic Just Solve AppSec?

Anthropic recently announced a new code analysis capability that’s sparked a lot of discussion across the AppSec community. In this episode of Let’s Talk Security Testing, we break down what the announcement actually means for application security teams, whether it represents real progress or just another wave of industry hype. We also dive into one of the hardest problems in security testing - business logic flaws, and discuss whether tools can realistically detect them. Finally, we play a game: build an AppSec programme with only $10, exploring the trade-offs security teams face when budgets are limited.

March 2, 2026 · 39 min

The AppSec Reality Check with NCC Group

AI is reshaping how software is built. But is it reshaping how it’s secured? In this episode, we’re joined by NCC Group to explore what’s really happening across the AppSec landscape. From AI adoption in development workflows to the rise of AI-driven pentesting tools, we unpack what’s progressing, and what’s still marketing.

We cover:
- The reality of AI in modern development pipelines
- The current maturity of AI-powered pentesting
- How buyer expectations are shifting
- Whether pentesting is evolving or simply being rebranded

For CISOs, Heads of AppSec, and security leaders trying to make sense of the noise, this is the grounded perspective you need.

February 16, 2026 · 33 min

The Reality of Agentic Application Security

Agentic AI is the latest shift in application security, but how much of it is delivering real results? In this episode, we break down:
- What “agentic” really means in AppSec
- Where agentic workflows are genuinely adding value
- The limits of automation, and where human expertise still leads
- How enterprises are adopting it without overcommitting

If you’re trying to separate practical capability from future promise in AI-driven security, this one’s for you!

February 2, 2026 · 32 min

Is AI Pentesting Just DAST in Disguise?

Is AI Pentesting Just DAST in Disguise? 🤖💥 Everyone’s talking about AI-powered pentesting - but is it actually useful, or just dressed-up DAST? In this episode, we dig into:
- What AI tools really test (and what they miss)
- Why they sometimes look better than they are
- Hallucinations, pricing, and trust
- How they compare to micro pen tests and manual reviews

If you’re trying to make sense of AI in security testing, this one’s for you.

July 9, 2025 · 24 min

Does CAB Still Belong in Modern DevSecOps?

In Season 2, Episode 9, we ask a big question: does the Change Advisory Board (CAB) still have a place in today’s fast-moving DevSecOps world? Traditionally seen as a gatekeeper for risk, CABs are often accused of slowing things down, blocking innovation, and creating more process than value. But can AI shift the role of CAB from bottleneck to enabler? We explore what a modern, AI-assisted CAB could look like, and whether change governance can finally move at the speed of development.

June 16, 2025 · 27 min

Is Vibe Coding a Developer Superpower or a Security Risk?

In Season 2, Episode 8, we throw planning out the window and build a web app purely on vibes. No specs, no structure, just straight-up code. Then, we do what any responsible team would do... we try to hack it. In this live pen testing session, we explore what happens when code is written without rules, and whether security still holds up under pressure.

April 30, 2025 · 18 min

Who Wins at Threat Modelling: AI or a Real Hacker?

In Season 2, Episode 7, we put human intuition to the test against machine precision. As AI tools become more embedded in secure design workflows, we ask the big question: can AI threat model as well as a real human? We pit a seasoned pentester against our own AI tool in a live challenge, and the results might surprise you. 👉 Try the tool for yourself: https://www.cytix.io/change-analysis-tool

March 31, 2025 · 21 min

Can AI Replace Pentesters?

In Episode 6, Season 2, we unpack the explosive growth of AI and ask the critical question: could AI ever replace human pentesters? Subscribe to keep up to date with all new episodes, released every 2 weeks!

March 10, 2025 · 20 min

Hack it or Track it: The Hunt for Cyber Vulnerabilities

In Episode 5, Season 2, we dive into vulnerabilities and their detection methods, from automated scanners to human-led pen testing. Plus, we put our skills to the test in Hack it or Track it, where we break down real vulnerabilities, discussing how we’d exploit them and how we’d detect them before attackers do. Subscribe to keep up to date with all new episodes, released every 2 weeks!
