Episodes

  • Episode 247 - w/ Alejandro Saenz

    Episode 247 - w/ Alejandro Saenz
    Jun 11 2024
    Absolute AppSec welcomes Alejandro Saenz to join Seth Law and Ken Johnson as a guest. Alejandro has been active in application and product security fields for over a decade, most recently working in product security for Twilio. Before that he worked as a senior application security engineer and software engineer at Softrams and as an application security consultant at nVisium. Alejandro has regularly contributed to security projects for both better understanding product security metrics and monitoring assets and managing vulnerabilities.
    Show more Show less
    Less than 1 minute
  • Episode 246 - w/ Charles Shirer

    Episode 246 - w/ Charles Shirer
    Jun 4 2024
    Charles Shirer joins Absolute AppSec for a special episode of the show. Charles has decades of experience as a pentester, threat hunter, red teamer, and security consultant. He's CEO of GlobalWave consulting, a security consulting firm that's been serving clients for over a decade. Charles is also a frequent conference speaker, online commentator, and tireless advocate for helping hackers find ways take care of their overall well-being.
    Show more Show less
    Less than 1 minute
  • Episode 245 - w/ Dustin Lehr - Security Champions

    Episode 245 - w/ Dustin Lehr - Security Champions
    May 28 2024
    Dustin Lehr, current director of AppSec at data integration company Fivetran, joins Seth and Ken for a special episode of Absolute AppSec. Dustin has spent years helping improve companies' security cultures industry-wide, through his work co-founding Katilyst Security which focuses on helping companies create security champion programs. Additionally, in that vein, Dustin has created The Security Champion Program Success Guide and heads up the "Let's Talk Software Security" meetup. Before Fivetran, Dustin headed Application Security at Staples. To read some of his thoughts on the benefits of security champions programs as well as advice on setting it up in your organization, you can read his article here hosted on the New Stack: https://securitychampionsuccessguide.org/
    Show more Show less
    Less than 1 minute
  • Episode 244 - w/ Kyle Kelly - Software Security Supply Chain

    Episode 244 - w/ Kyle Kelly - Software Security Supply Chain
    May 21 2024
    Kyle Kelly joins Seth Law and Ken Johnson as a special guest on the Absolute AppSec podcast. Kyle is an Executive Cybersecurity Consultant at Bancsec, Inc, and Security Researcher at Semgrep, and founder of the wonderful Cramhacks newsletter. As a consultant and researcher, Kyle specializes in supply chain security, a speciality that informs the thoughts he publicizes, but even more so cramhacks reflects his desire to help his readers become contributors to improving the cybersecurity landscape and analysis of software security supply chains. Subscribe to Kyle's newsletter at cramhacks.com.
    Show more Show less
    Less than 1 minute
  • Episode 243 - w/ Bryan Schmidt

    Episode 243 - w/ Bryan Schmidt
    Apr 30 2024
    Bryan Schmidt, information security lead at Adept AI is joining Ken Johnson (@cktricky on twitter/x) and Seth Law (@Sethlaw) for a special episode of Absolute AppSec. Before Adept.AI, Bryan spent the last half decade working as a security engineering manager at, first, Flatiron Health and, later ChowNow, and he worked as a penetration tester and security consultant for that. We’ll be discussing AI during the show as Adept.ai is recently again designated as one of the AI Fortune50. Be sure to tune in to learn a little about Bryan and his trajectory into security and emerging technologies.
    Show more Show less
    Less than 1 minute
  • Episode 242 - LLMs Exploiting Vulns, State of DevSecOps

    Episode 242 - LLMs Exploiting Vulns, State of DevSecOps
    Apr 23 2024
    Seth and Ken return with analysis of recent research that shows LLMs exploiting known CVEs. And no, it's not completely autonomous yet. This is followed by a breakdown of DataDog's State of DevSecOps article, backing up our gut feel of current industry needs and failures.
    Show more Show less
    Less than 1 minute
  • Episode 241 - Secure Defaults, Using LLMs for Code Review

    Episode 241 - Secure Defaults, Using LLMs for Code Review
    Apr 16 2024
    **Video may be required**: this episode is focused on demonstrating uses of LLMs against various code. As such, listeners may want to watch the stream to see these uses rather than just listening. Also, Seth and Ken talk briefly at the beginning of the episode about a new tldr;sec project (thanks Clint!) called awesome secure defaults that lists out useful libraries and projects that are secure by default.
    Show more Show less
    Less than 1 minute
  • Episode 240 - Code Smells, XZ Backdoor, Hallucinations

    Episode 240 - Code Smells, XZ Backdoor, Hallucinations
    Apr 9 2024
    After a week of travel, Seth and Ken return to the podcast with a breakdown of their travel experiences at multiple conferences and teaching their first Practical Secure Code Review course using LLMs to enhance the methodology. This is followed by reinforcement of code review steps including library research, a discussion of the recent XZ backdoor, and an article reviewing LLM hallucinations when recommending libraries.
    Show more Show less
    Less than 1 minute