In this episode of Secrets of AppSec Champions, host Chris Lindsey and guest Toby Jackson dive into the strategies and best practices for maturing an application security (AppSec) program. Toby underscores the need to validate video messages with the same rigor applied to emails and texts in order to mitigate security threats. Emphasizing the growing menace of SIM card hijacking and SMS interception, both experts advocate regular reviews of security processes and procedures. They also stress the critical role of education in an organization's security posture, championing the integration of security awareness training into HR programs and of developer education that helps teams identify and resolve vulnerabilities.
The discussion moves to the importance of leadership understanding security vulnerabilities; Chris and Toby recommend clearly communicating the potential impacts so that decisions are made on an informed basis. Both suggest maintaining thorough documentation and sharing attack findings with development teams to help them address weaknesses effectively. When it comes to penetration testing, they advise fixing the issues identified by Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) tools before commissioning an external pen test. Doing so makes the external assessment more thorough and ensures high-risk applications are fixed first. They also advocate long-term security planning that aligns with business goals and the maintenance of strong inter-team relationships.
Chris and Toby explore the evolving landscape of security tools, AI, and their implications. They note the potential for AI to automate routine security tasks while warning of the data privacy risks it introduces. Policies and procedures must be in place to safeguard intellectual property and manage AI use, underlining the need for leadership involvement in AI-related decisions. The conversation underscores the importance of keeping security tools up to date and maintaining cross-team communication, supported by security champions. To wrap up, the podcast encourages listeners to subscribe, rate, and review the show, reinforcing the value of community engagement in the ongoing discourse on application security.
Key Topics with timestamps:
00:00 Decoding Application Security: Maturing Your Program
05:52 The Importance of Detail-Oriented Security Leadership
07:49 Strategies for Evaluating and Securing Applications
12:25 Evaluating and Maturing Penetration Testing Tools
13:28 Importance of Regularly Reassessing Security Tools
18:34 Security Tools and AI Analysis Vendors Importance
22:28 Importance of Maturity, Communication, and Planning in Security Testing
25:31 Implementing Internal Keywords for Identity Verification
27:34 Integrating Security Awareness into HR Training Plans
32:54 The Impact of Pen Tests on Application Security
35:36 Advancing Security: Insights and Progress with Toby