Episodes

  • Episode 252 w/ Rami McCarthy - Security Startups, Jobs

    Episode 252 w/ Rami McCarthy - Security Startups, Jobs
    Jul 16 2024
    Product Security and Cloud security guru Rami McCarthy (@ramimacisabird on X) comes on the Absolute AppSec podcast with Ken and Seth (@cktricky and @sethlaw)! To get to know Rami, you should first check out his website here to get acquainted with some of his latest prodigious activities: https://ramimac.me/. He’s recently delivered a talk regarding zero-touch prod at Fwd:CloudSec and finished a stint as a Security Engineer at Figma. For folks interested in questions of security consulting, management, AWS and cloud security as well as many of the other large questions in infosec, Rami is always a great follow.
    Show more Show less
    Less than 1 minute
  • Episode 251 - Passive Scanning, Chrome Extensions, CocoaPods, NVD

    Episode 251 - Passive Scanning, Chrome Extensions, CocoaPods, NVD
    Jul 9 2024
    Seth and Ken are back with Episode 251, continuing on with their ranting over all things application security. This starts with a discussion of Mozilla's HTTP Observatory that scans sites for security-relevant headers and leads to a discussion of so-called "passive" scanning of internet sets for risk analysis purposes. This is followed by a walkthrough of the recent exploit of Chrome extensions for remote code execution on client browsers. Compromise of the Apple-focused CocoaPods package repository. Finally, a discussion about recent problems and headaches at the National Vulnerability Database (NVD).
    Show more Show less
    Less than 1 minute
  • Episode 250 - Security Startups, Polyfill Takeover

    Episode 250 - Security Startups, Polyfill Takeover
    Jul 2 2024
    Seth and Ken are back on the podcast this week without a guest for the first time in a month and start out with an in-depth discussion on startup life based on a recent article from TLDR;Sec. This is followed by thoughts on the recent influx of cash for Portswigger and how it will affect work and the testing space over the next few years. Finally, opinions on the recent polyfill[.io] malware attack and supply chain issues. Join the newsletter at news.absoluteappsec.com for further analysis or pick up some new podcast swag at merch.absoluteappsec.com
    Show more Show less
    Less than 1 minute
  • Episode 249 w/ Tanya Janca - Secure Guardrails

    Episode 249 w/ Tanya Janca - Secure Guardrails
    Jun 25 2024
    Tanya Janca (@shehackspurple on X) joins Ken Johnson (@cktricky) and Seth Law (@sethlaw) for a special episode of the Absolute AppSec podcast. Tanya is currently head of education and community at Semgrep, and is a prominent info security commenter and active contributor to improving the industry for everybody through helping spread values of diversity, inclusion and kindness. Tanya has had experience with a range of roles, startup founder, pentester, CISO, AppSec Engineer, and software developer, and she’s worked at major industry landmarks such as Microsoft, Adobe, and Nokia. She is an award-winning public speaker, the founder of We Hack Purple (since acquired by Semgrep), an active blogger and streamer and has delivered hundreds of talks and trainings on 6 continents. Catch up with Tanya’s multiple activities and initiatives at her website https://shehackspurple.ca
    Show more Show less
    Less than 1 minute
  • Episode 248 w/ Rahil Parikh - Building AppSec Programs

    Episode 248 w/ Rahil Parikh - Building AppSec Programs
    Jun 18 2024
    Rahil Parikh, manager of Security Engineering and Architecture @ Policygenius, joins Seth Law and Ken Johnson for an episode of Absolute AppSec. Rahil is long-time leader in information security who's managed security teams and application security programs at a range of organizations: Policy Genius, Zinnia, the New York Times, Frame.io (now Adobe), Jet.com (Walmart), and Gotham Digital Science (Aon). He's also organized a major technical symposium (AAHVAN 08) and has generally been strengthening the infosec community for beyond a decade. He joins the podcast for the June 18th show, so be sure to tune in to learn more about his path in the industry and his thoughts on application security, cloud security, and leading teams toward success.
    Show more Show less
    Less than 1 minute
  • Episode 247 - w/ Alejandro Saenz

    Episode 247 - w/ Alejandro Saenz
    Jun 11 2024
    Absolute AppSec welcomes Alejandro Saenz to join Seth Law and Ken Johnson as a guest. Alejandro has been active in application and product security fields for over a decade, most recently working in product security for Twilio. Before that he worked as a senior application security engineer and software engineer at Softrams and as an application security consultant at nVisium. Alejandro has regularly contributed to security projects for both better understanding product security metrics and monitoring assets and managing vulnerabilities.
    Show more Show less
    Less than 1 minute
  • Episode 246 - w/ Charles Shirer

    Episode 246 - w/ Charles Shirer
    Jun 4 2024
    Charles Shirer joins Absolute AppSec for a special episode of the show. Charles has decades of experience as a pentester, threat hunter, red teamer, and security consultant. He's CEO of GlobalWave consulting, a security consulting firm that's been serving clients for over a decade. Charles is also a frequent conference speaker, online commentator, and tireless advocate for helping hackers find ways take care of their overall well-being.
    Show more Show less
    Less than 1 minute
  • Episode 245 - w/ Dustin Lehr - Security Champions

    Episode 245 - w/ Dustin Lehr - Security Champions
    May 28 2024
    Dustin Lehr, current director of AppSec at data integration company Fivetran, joins Seth and Ken for a special episode of Absolute AppSec. Dustin has spent years helping improve companies' security cultures industry-wide, through his work co-founding Katilyst Security which focuses on helping companies create security champion programs. Additionally, in that vein, Dustin has created The Security Champion Program Success Guide and heads up the "Let's Talk Software Security" meetup. Before Fivetran, Dustin headed Application Security at Staples. To read some of his thoughts on the benefits of security champions programs as well as advice on setting it up in your organization, you can read his article here hosted on the New Stack: https://securitychampionsuccessguide.org/
    Show more Show less
    Less than 1 minute