Cyber Security & Cloud Podcast

I had the amazing opportunity to be a guest on the Cyber Security & Cloud Podcast, hosted by Francesco Cipollone. The episode is available here:


Francesco and I discussed my start in application security, how to mentor new interns and bridge the skill gap, and how to measure application security progress when deploying shift-left methodologies in DevSecOps.

2:00 – Nathan
7:30 – From music to cybersecurity and new generation
11:00 – State of application security
14:00 – Vulnerability – What is a vulnerability in software
18:00 – How do you bring in the business in appsec – Product security
12:00 – Cybersecurity technicalities – Pen-tests and regulation
16:00 – Cybersecurity and regulation in USA
19:00 – SBOM, Digital Software supply chain
20:00 – Risk for application security and business perspective
22:00 – Business categories of risk for application security
24:00 – Business criticality vs low criticality – how to talk about risk
26:00 – Prioritize work based on risk in application security
27:00 – Avoiding burnout and preventing risk – Mailchimp program of work – SPIDER
31:00 – Doing more with less in application security
33:00 – Measuring shift left effectiveness – Dentist story
37:00 – Positive message and conclusion
