Absolute AppSec Ken Johnson and Seth Law

Louis Barrett of the Segment SIRT team joins Seth and Ken to discuss his path into security, mentors, and SIRT. Discussions on approaching SIRT, creating a SIRT team, and how to integration AppSec into the SIRT.

Ken and Seth are joined by Matias Madou, CTO of Secure Code Warrior. Discussion of current state of application security training, static analysis tools, and just-in-time-training.

Seth and Ken host the podcast live from DevSecOpsDays Austin, with multiple guests from conference speakers. Discussions on what each guest feels is up next in AppSec and DevSecOps for the forseeable future.

Seth and Ken host Seth and Santa's Secure Workshop as a pair this week. The discussion revolves around the Hacker 1 "breach", Practical Pentest Lab's storage and sending of plaintext passwords, chicken fingie injection, and toxicity of infosec social media. May or may not be a discussion on squirrels and pigeons in cowboy hats.

Seth and Ken are joined this week by Clint Gibler (@clintgibler) to talk about DevSecOps, what he sees in the industry as effective security, and his newsletter TLDR; Sec (https://bit.ly/tldrsec). Comments on prioritization, asset inventory, and effectively quashing bug classes.

Guy Podjarny (@guypod), founder of Snyk, joins Ken and Seth to talk about Snyk, the origins of AppScan Standard, Software Composition Analysis and his origin story. A discussion of building developer focused security tools and how this can benefit security in the long run.