Application Security Weekly Subscribe

DevSecOps, Application security

DevSecOps Essentials – Keith Hoodlet – ASW #224

January 2, 2023

How do you mature a team responsible for securing software? What are effective ways to prioritize investments?

We'll discuss a set of posts on building talent, building capabilities, and what mature teams look like.

Segment resources:

https://securing.dev/categories/essentials/

Full episode and show notes

Guest

Keith Hoodlet

Keith Hoodlet

Principal Security Specialist at GitHub

Keith Hoodlet is a Principal Security Specialist for the world’s largest Open Source Software development platform – GitHub.

Named as one of the world’s 50 Influential DevSecOps Professionals on Peerlyst in 2019, Keith has worked on projects such as starting the Application Security Weekly podcast (episodes 0 – 55), as well as restarting the InfoSec Mentors Project with Jimmy Vo in 2015. Keith is also known for his work as an ethical hacker and 2018 MVP on the Bugcrowd platform.

In his free time, Keith enjoys thinking, writing about, and discussing complex problems at the crossroads of Software Development and Information Security; he has delivered both talks and trainings globally on the topics of DevSecOps, Secure Software Development, and Web Application Security.

Hosts

Mike Shema

Mike Shema

Tech Lead at Block

Akira Brand

Application Security Engineer at Resilia

https://www.akirabrand.com

John Kinsella

John Kinsella

Co-founder & CTO at Cysense

Related

Application security

Starting with Appsec — Is It More of a Position or a Process? – ASW #264

November 27, 2023

This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need for an appsec team? Or has it turned into specializations for areas like cloud security and bug bount...

Application security

Randstorm, Nothing Chats, Platform Engineering, PyPI Security Audit – ASW #264

November 27, 2023

Weak randomness in old JavaScript crypto, lack of encryption in purported end-to-end encryption, a platform engineering maturity model, PyPI's first security audit, vision for a Rust specification, and more!

Application security

Platform Firmware Security – Magggie Jauregui – ASW Vault

November 20, 2023

Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security. Segment Resources: https://www.helpnetsecurity.com/2020/04/27/firmware-blind-spots/ https://www.helpnetsecurity.com/2020/09/28/hardware-securi...