Episodes

  • Ep 19 - Cloud Security Chaos: When Identity, Kubernetes, APIs, and AI Collide
    Jan 7 2026

    🎙️ Coffee, Chaos and ProdSec, Ep 19

    Cloud security keeps getting more complicated, but identity keeps getting ignored.

    So this week, Kurt and Cameron grab their coffee and dig into why identity failures are quietly powering most modern cloud incidents.

    From service accounts that never die, to Kubernetes clusters held together with cluster admin access and hope, to APIs nobody remembers exposing, this episode walks through the real reasons cloud security keeps falling apart at scale.

    They talk through why teams still treat workload identities like humans, how Kubernetes creates a false sense of safety, why API sprawl and logging pipelines leak more data than people realize, and where AI actually helps versus where it just adds noise and false confidence.

    There’s no vendor pitch here. Just honest conversations about tradeoffs, broken assumptions, and the gap between cloud security best practices and what actually survives in production.

    If you work in Cybersecurity, Application Security, Product Security, DevSecOps, Software Supply Chain Security, or you’re trying to make sense of cloud chaos without the buzzwords, this one’s for you.

    ☕ New episodes every Wednesday.

    Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

    1 hr 4 min
  • Ep 18 - Brace Yourself for 2026: AI-Powered Mayhem and Coffee-Fueled Product Security Predictions
    Dec 31 2025

    🎙️ Coffee, Chaos and ProdSec, Ep 18

    2026 is getting closer, and security is already acting weird.

    So this week, Kurt and Cameron grab their mugs and talk through what they see coming next for Product Security and the teams trying to keep up.

    From AI agents showing up in the SOC, AppSec, DevSecOps, and GRC, to supply chain risks getting deeper and harder to see, this episode walks through the trends that are starting to take shape right now. The kind that change how work actually gets done, not just how tools are marketed.

    They unpack how AI is speeding up code, reviews, and attacks at the same time, why remediation speed is becoming the real bottleneck, and how identity, cloud, and infrastructure are turning into the main battlegrounds. There are strong opinions, a few laughs, and plenty of moments where the future feels exciting and a little uncomfortable.

    If you work in Cybersecurity, Application Security, Product Security, DevSecOps, or Software Supply Chain Security, this episode is a look at 2026 through the lens of people who live this stuff every day. All powered by coffee and curiosity.

    ☕ New episodes every Wednesday.

    Coffee, Chaos and ProdSec -> strong coffee, stronger opinio

    1 hr 7 min
  • Ep 17 - Breaking Into Product Security, AppSec, DevSecOps, and Cloud Security Without a Degree
    Dec 24 2025

    🎙️ Coffee, Chaos and ProdSec, Ep 17

    Breaking into cybersecurity without a degree feels impossible, yet people do it every single day. So this week, Cameron and Kurt grab their mugs and get real about how career changers actually break into Product Security, Application Security, DevSecOps, and Cloud Security when their background looks nothing like tech.

    Your hosts dive into the honest truth behind this path, the rejection, the gatekeeping, and the internal drive it takes to push through. They explore how personal brand becomes your signal in a noisy market, how a strong pivot story makes people want to invest in you, why networking still matters more than any certification, and which technical skills help you stand out early. They even dig into how AI has become a learning accelerator for anyone who knows how to use it with intention.

    If you are trying to make the jump into security or you want to help someone who is, this episode gives you a roadmap instead of a motivational slogan.

    ☕ New episodes every Wednesday.

    Coffee, Chaos and ProdSec, strong coffee, stronger opinions.

    1 hr 12 min
  • Ep 16 - Part 2 - Get Comfortable Being Vulnerable: When AI, Risk, and Reality Collide in AppSec
    Dec 17 2025

    🎙️ Coffee, Chaos and ProdSec - Ep 16

    Last week we mapped the problem — now we break the system. Kurt and Cameron return with part two of our vulnerability deep dive, tackling CVSS chaos, broken tooling, exploding CVE volume, and how AI is about to overwhelm traditional prioritization models.

    From exposure validation turning 15,000 findings into 300 actionable items, to ASPM finally giving Product Security teams real visibility, to PCI-DSS forcing companies to patch issues that don’t matter, this episode explores where vulnerability management is heading and what “good” will need to look like next.

    If you care about Cybersecurity, DevSecOps, Software Supply Chain Security, or how AI will reshape the VM landscape, this one is your next caffeine boost.

    ☕ New episodes every Wednesday.

    Coffee, Chaos & ProdSec — strong coffee, stronger opinions.

    1 hr 7 min
  • Ep 15 - Part 1 - Get Comfortable Being Vulnerable: The Chaos Behind Every CVE and Every Risk
    Dec 10 2025

    🎙️ Coffee, Chaos and ProdSec - Ep 15

    Vulnerabilities are piling up faster than teams can read the reports, and vulnerability management is buckling under the weight. So this week, Kurt and Cameron grab their mugs and dig into why modern VM feels impossible, why severity scores mislead everyone, and how reachability and exploitability matter far more than giant spreadsheets of “critical” issues.

    From CVSS confusion to EPSS and CISA KEV reshaping prioritization, to AI accelerating discovery and noise, this episode unpacks how we got here and why most organizations are fixing the wrong things.

    If you work in Cybersecurity, Application Security, Product Security, DevSecOps, or you simply enjoy hearing two leaders question the entire VM ecosystem, this one is for you.

    ☕ New episodes every Wednesday.

    Coffee, Chaos & ProdSec — strong coffee, stronger opinions.

    1 hr 12 min
  • Ep 14 - DevSecOps Without the Buzzwords - What It Really Takes to Build Secure Software
    Dec 3 2025

    🎙️ Coffee, Chaos and ProdSec - Ep 14

    DevSecOps gets thrown around in cybersecurity more than any other term, but almost no one agrees on what it actually means.

    So this week, Kurt and Cameron pour fresh mugs and unpack the real practices behind modern Application Security, Product Security, DevSecOps, and Software Supply Chain Security without the marketing fluff.

    From threat modeling and architecture reviews, to CI/CD guardrails, identity patterns, SBOMs, pipeline automation, and why DAST still refuses to fit anywhere, this episode digs into how security can integrate into the entire software lifecycle without slowing teams down.

    Cameron and Kurt break down why DevSecOps is more culture than tooling, how design flaws start long before code, what AI is about to break next, and why “shift everywhere” beats “shift left” every time.

    If you work in cybersecurity or just enjoy hearing two security leaders question reality over caffeine, this one is your new weekly ritual.

    ☕ New episodes every Wednesday.

    Coffee, Chaos & ProdSec — strong coffee, stronger opinions.

    1 hr 10 min
  • Ep 13 - Untangling Cloud Security - Foundations, Failures, and What Teams Miss
    Nov 26 2025

    🎙️ Coffee, Chaos & ProdSec – Ep 13

    This week, Cameron and Kurt tackle the questions everyone claims to understand but absolutely argues about in every cloud meeting. What is the cloud really? Why is identity suddenly the perimeter? And how did Kubernetes quietly become everyone’s new production environment?

    We break down the real concerns behind cloud sprawl, misconfigurations, and identity chaos, plus why CSPM, CWPP, CASB, DSPM, and a dozen other acronyms all matter more than people want to admit.

    We get into:

    • Why cloud security shifted to identity first
    • The real risk of skipping CSPM
    • Protecting Kubernetes without tears
    • API chaos and data exposure
    • The tech stack modern teams actually need

    ☕ New episodes every Wednesday.

    Coffee, Chaos & ProdSec — strong coffee, stronger opinions.

    1 hr 4 min
  • Ep 12 - OWASP Top 10:2025 RC1 Breakdown - The Vulnerabilities That Refuse To Die
    Nov 19 2025

    🎙️ Coffee, Chaos & ProdSec - Ep 12

    The OWASP Top 10:2025 RC1 is here, and it is already causing chaos. So this week, Kurt and Cameron grab their mugs and break down every category with real world stories, honest takes, and a few spicy opinions on why some vulnerabilities just will not go away.

    From Broken Access Control dominating the charts again, to Misconfigurations that keep haunting cloud teams, to classic Injection failures refusing to stay in the past, this episode digs into the patterns behind the list and what they reveal about the state of modern security.

    Your hosts explore how design flaws emerge long before code is written, why authentication failures keep showing up in new forms, and how logging gaps continue to blind even mature orgs. It is a guided tour through the list with humor, insight, and the occasional “I cannot believe this still happens” moment.

    If you work in AppSec, Product Security, DevSecOps, or you simply enjoy hearing two security leaders question reality over a cup of coffee, this episode is your new weekly ritual.

    ☕ New episodes every Wednesday.

    Tune in, patch your brain, and embrace the beautiful mess of the OWASP Top 10:2025 RC1.

    1 hr 5 min