The Application Security Podcast

Hosted by Chris Romeo and Robert Hurlbut

Episodes: 301

Latest episode: Jun 2026

Language: EN-US

About the show

Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.

Listen to episodes (60 recent)
June 16, 2026 · Episode 6 · 48 min

Michael Burch - AI-Enabled Citizen Developers

AI adoption is accelerating faster than most organizations know how to handle it, and the gap between curiosity and confident use is where things go wrong. Michael Burch, VP of AI Enablement and Acceleration, joins to break down what it actually takes to move teams from "interested in AI" to using it responsibly and effectively in their day-to-day work. He shares why successful adoption depends less on the technology itself and more on trust, clear guidance, and making AI approachable for non-technical teams. Whether you are leading an AI initiative or just trying to figure out where to start, this episode is a practical look at what real adoption looks like inside organizations today.

FOLLOW OUR SOCIAL MEDIA:
➜ Twitter: @AppSecPodcast
➜ LinkedIn: The Application Security Podcast
➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

June 2, 2026 · Episode 5 · 40 min

Josh Grossman--AI & SAST: Is it a match?

AI coding tools are accelerating development fast, but they’re also exposing the limits of traditional AppSec tooling. Josh Grossman, CTO of Bounce Security and longtime AppSec consultant, joins the podcast to break down AGHAST, his new open-source security tool that combines static analysis with AI to uncover business logic flaws and authorization issues that traditional scanners miss.

May 14, 2026 · Episode 4 · 45 min

Dwayne McDaniel -- Secrets Sprawl and How AI is Impacting Secrets

GitGuardian found 29 million hard-coded secrets leaked in public GitHub commits in a single year, a 34% jump and the biggest spike they've ever recorded. Dwayne McDaniel joins to break down why AI coding tools, MCP servers, and a false sense of security in private repos are making the problem worse, and what it'll actually take to fix it. Check out the report here - https://www.gitguardian.com/files/the-state-of-secrets-sprawl-report-2026. Dwayne McDaniel is a Principal Developer Advocate who has been on a mission to "help people figure stuff out" for over a decade. At GitGuardian, he specializes in secrets security and non-human identity governance across cloud and DevOps environments.

April 30, 2026 · Episode 3 · 47 min

Tanya Janca - Secure Vibe Coding

AI isn’t just helping developers anymore; it’s writing the code, and that changes everything. In this episode, Tanya Janca breaks down “vibe coding,” the hidden security risks behind it, and how teams need to rethink AppSec from the ground up. If you’re building with AI, this is the wake-up call you can’t afford to miss. Tanya Janca, AKA SheHacksPurple, is an author, founder, trainer, speaker, software developer, but most of all, a nerd obsessed with security. She speaks and teaches secure coding worldwide and through her podcast, DevSec Station. Check it out here: https://www.youtube.com/@DevSecStation

April 21, 2026 · Episode 2 · 44 min

Caroline Wong--The AI Cybersecurity Handbook

Caroline Wong, author of The AI Cybersecurity Handbook and Chief Strategy Officer at Axari, is back! Caroline shares how AI is rapidly changing AppSec, driving massive increases in code, accelerating risk, and challenging traditional security practices. The conversation covers AI-generated code, trust and explainability, and how security teams must adapt to keep up.

April 15, 2026 · Episode 1 · 49 min

Steve Wilson--OpenClaw and Advanced AI Agents

In this episode of the Application Security Podcast, Chris Romeo and Robert Hurlbut welcome back Steve Wilson, a global leader in AI security and Chief AI and Product Officer at Exabeam, as well as founder of the OWASP Gen AI Security Project. Steve shares how his AI assistant was “hacked” using a simple phishing attack, highlighting a major shift in security—AI agents behave more like humans than traditional software. The conversation explores how this changes the threat model, why AppSec is struggling to keep up, and how organizations should approach the practical security of AI systems. They also cover the risks of autonomous agents, the expanding blast radius of failures, and what AppSec professionals can do now to adapt.

October 28, 2025 · Episode 20 · 42 min

Brad Geesaman - Redefining AppSec with AI: Shrinking Toil, Expanding Impact - How LLMs are able to reduce toil in triage-heavy AppSec workflows

Brad Geesaman, Principal Security Engineer at Ghost, joins the podcast today to explore how AI and large language models are transforming the world of application security. The discussion starts with the concept of "toil"—the repetitive, exhausting work that drains AppSec teams as they struggle to keep up with mountains of security findings and alerts. Brad shares his insights on how LLMs can provide meaningful leverage by handling the heavy lifting of triage, classification, and evidence gathering, while keeping humans firmly in the loop for final decisions. They also discuss the seismic shift happening in the AppSec market, with AI-native approaches potentially disrupting traditional security tooling. Listen along to hear more about the future of secure coding and how artificial intelligence might finally give security teams the helicopter view they need to fight fires effectively.

October 15, 2025 · Episode 19 · 1 hr 8 min

OWASP Candidate Debate - 2025 Edition

In this special episode of the Application Security Podcast, we meet nine of the OWASP Board of Directors candidates. Each candidate discusses their unique qualifications, experiences, and vision for OWASP's future. Topics include enhancing OWASP's impact, improving outreach and education, securing funding, and engaging local chapters. Don't miss this insightful debate as these candidates share their strategies to help secure a brighter future for OWASP.

September 23, 2025 · Episode 18 · 33 min

Francesco Cipollone - Agentic AI Manifesto

Francesco Cipollone, the CEO of Phoenix Security, shares his extensive experience in AI and security, discussing the crucial difference between true AI agents and glorified chatbots. Learn why Phoenix Security utilizes six different LLMs instead of a single super agent. Understand the sobering economics behind AI implementation and the importance of adopting AI responsibly. Get practical advice on integrating AI agents to enhance, not replace, human capabilities, while touching on the Agentic AI Manifesto's key principles. This conversation is perfect for anyone navigating the AI landscape both cautiously and optimistically.

September 16, 2025 · Episode 17 · 36 min

Simon Gibbs & Devika Gibbs -- Building Bridges with Games

Simon and Devika Gibbs, the innovative minds behind Cybersec Games, join us on the episode today. Discover how the Gibbs duo is revolutionizing the way we teach and learn security concepts through interactive gaming. Learn about their journey from developing stationery for agile teams to delving into the world of threat modeling games like Elevation of Privilege. We talk about the power of gamification in cybersecurity education, and get the inside scoop on their Cybersecurity Game Challenge, which invites creative minds to bring their game ideas to life.
