Rephonic

The Application Security Podcast

Chris Romeo and Robert Hurlbut
Application Security
Threat Modeling
Cybersecurity
Artificial Intelligence
Responsible AI
OWASP Juice Shop
Product Security
Assumed Breach Red Team Engagements
Vulnerability Management
Minimum Viable Secure Product
Security
Web3
Cloud Security
OWASP
Security Culture
Training
Privacy
Bug Bounty
AI-Driven Automation
Generative AI

Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris... more

Publishes: Twice monthly
Episodes: 294
Founded: 9 years ago
Categories: Tech News, Technology, News

Latest Episodes

Francesco Cipollone, the CEO of Phoenix Security, shares his extensive experience in AI and security, discussing the crucial difference between true AI agents and glorified chatbots. Learn why Phoenix Security utilizes six different LLMs instead of a... more

Simon and Devika Gibbs, the innovative minds behind Cybersec Games, join us on the episode today. Discover how the Gibbs duo are revolutionizing the way we teach and learn security concepts through interactive gaming. Learn about their journey from d... more

Our guest today is Akansha Shukla, an information security professional with over 10 years of experience in application security, DevSecOps, and API security. We’re discussing why API security remains one of the least mature areas of AppSec today and... more

The European Union's Cyber Resilience Act is set to revolutionize how we approach product security worldwide. In this episode, we sit down with application security expert Nariman Aga-Tagiyev to break down everything you need to know about this legis... more

Similar Podcasts

People also subscribe to these shows.

Application Security Weekly (Audio) by Security Weekly Productions
Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap
CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis
Smashing Security by Graham Cluley

Recent Guests

Akansha Shukla
An information security professional with over 10 years of experience in application security, DevSecOps, and API security.
Women4Cyber
Episode: Akansha Shukla - Modern AppSec: Securing APIs with Threat Modeling and DevSecOps
Nariman Aga-Tagiyev
An application security expert with over two decades of software development experience
Episode: Getting Ready for the EU CRA
Marisa Fagan
Head of product at Katilyst, a security champions as a service startup
Katilyst
Episode: Marisa Fagan - Measuring Security Culture
Aram Hovsepyan
Expert in security metrics and researcher
Codific & OWASP SAMM Core Team
Episode: Aram Hovsepyan -- Your Security Dashboard is Lying to You: The Science of Metrics
Sean Varga
AppSec sales expert and former principal product security architect
Episode: Sean Varga -- OWASP Top 10 for AppSec Sales
Sarah Jane Madden
Expert in Application Security and Advisor for Devici
Advisor for Devici
Episode: Sarah-Jane Madden -- What AI means for AppSec
Dag Flachet
Co-founder of Codific and professor at Geneva Business School
Codific
Episode: Dag Flachet -- Kaizen for your Appsec Program
Jim Routh
Former CSO and CISO with extensive experience in cybersecurity
Episode: Jim Routh -- The CISO Transition to the rest of life
Henrik Plate
Principal Security Researcher at Endor Labs
Endor Labs
Episode: Henrik Plate -- OWASP Top 10 Open Source Risks

Hosts

Chris Romeo
Co-host of the Application Security Podcast, CEO of Devici, and a General Partner at Kerr Ventures, Chris Romeo is recognized for his contributions to application security and expertise in threat modeling.
Robert Hurlbut
Co-host of the Application Security Podcast and Principal Application Security Architect focused on Threat Modeling, Robert Hurlbut brings extensive experience and expertise in cybersecurity practices.

Reviews

4.9 out of 5 stars from 73 ratings
  • Empowering, insightful and actionable! 🔥

    Whether you’re well established as an AppSec innovator, or just getting started as a catalyst for change - this is a must-listen podcast for you! Chris and Robert do an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of staying on the cutting edge of data security and privacy - with leaders who’ve actually experienced success themselves. Highly recommend listening and subscribing!

    Apple Podcasts
    5
    JoshCrist
    United States, 4 years ago
  • Best AppSec Podcast

    Interesting subjects and interviews. These guys know their stuff. Aren’t afraid to admit when they don’t know a lot about a topic. Just like me we are all here to learn from experts in the field of AppSec. They ask the most interesting and relevant questions of their guests.

    Keep up the great work!!

    Apple Podcasts
    5
    mjdecap
    United States, 6 years ago
  • awesome and very informative!

    Proud to give you a 5-star review! Well worth it!

    Apple Podcasts
    5
    holysheetman
    United States, 8 years ago
  • For developers and testers

    Best podcast for web application developers and testers. Vulnerabilities and controls in the same place.

    Apple Podcasts
    5
    Eepica
    United Kingdom, 8 years ago

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

Feedback highlights the relatable hosts and their ability to break down complex topics into understandable segments.
Listeners appreciate the insightful discussions that combine practical application with expert advice.
The show is often lauded for its relevance to professionals at various levels of application security, making it a recommended resource for ongoing education.

Chart Rankings

How this podcast ranks in the Apple Podcasts, Spotify and YouTube charts.

Apple Podcasts: #15 in Philippines/Technology
Apple Podcasts: #107 in India/Technology
Apple Podcasts: #156 in Singapore/Technology
Apple Podcasts: #235 in Colombia/Technology

Talking Points

Recent interactions between the hosts and their guests.

Getting Ready for the EU CRA
Q: What is the EU CRA?
The EU CRA is legislation aimed at ensuring that products and software components are developed with security by design, requiring proactive security measures and incident response obligations.
Marisa Fagan - Measuring Security Culture
Q: What are some common missteps or anti-patterns that you've seen organizations make when they're launching a champions program?
Common missteps include failing to write down the structure and vision for the program, which can lead to confusion and misalignment with company culture. Establishing clear definitions and having an official program is crucial.
Marisa Fagan - Measuring Security Culture
Q: What are the key components of an effective pilot and how do you scale it into a full program?
An effective pilot serves as a small test phase to work out bugs in the program or tactics. It engages a subset of your ideal audience, focusing on the best parts of your program. After the pilot, you should reset the program to start with a larger group based on feedback gathered.
Aram Hovsepyan -- Your Security Dashboard is Lying to You: The Science of Metrics
Q: What are some overlooked metrics that people should use?
People should track the number of implemented security requirements and how many of those are automated in their CI/CD pipelines.
Aram Hovsepyan -- Your Security Dashboard is Lying to You: The Science of Metrics
Q: What inspired your talk at OWASP AppSec EU about security metrics?
I initially didn't realize the depth of issues with existing security metrics, but after doing research, I recognized the flaws.

Frequently Asked Questions About The Application Security Podcast

What is The Application Security Podcast about and what kind of topics does it cover?

The content focuses on the multifaceted world of application security, addressing various aspects such as threat modeling, OWASP guidelines, and the integration of security within DevOps practices. Episodes typically feature insights from industry experts and practitioners, sharing their experiences and strategies for success in the field. The podcast is educational in nature, aiming to make application security concepts accessible to listeners of varying expertise levels. With a commitment to promoting security awareness and the importance of security champions in organizations, it offers valuable resources for professionals looking to enhance their understanding and implementation of application security.

Where can I find podcast stats for The Application Security Podcast?

Rephonic provides a wide range of podcast stats for The Application Security Podcast. We scanned the web and collated all of the information that we could find in our comprehensive podcast database. See how many people listen to The Application Security Podcast and access YouTube viewership numbers, download stats, audience demographics, chart rankings, ratings, reviews and more.

How many listeners does The Application Security Podcast get?

Rephonic provides a full set of podcast information for three million podcasts, including the number of listeners. View further listenership figures for The Application Security Podcast, including podcast download numbers and subscriber numbers, so you can make better decisions about which podcasts to sponsor or be a guest on. You will need to upgrade your account to access this premium data.

What are the audience demographics for The Application Security Podcast?

Rephonic provides comprehensive predictive audience data for The Application Security Podcast, including gender skew, age, country, political leaning, income, professions, education level, and interests. You can access these listener demographics by upgrading your account.

How many subscribers and views does The Application Security Podcast have?

To see how many followers or subscribers The Application Security Podcast has on Spotify and other platforms such as Castbox and Podcast Addict, simply upgrade your account. You'll also find viewership figures for their YouTube channel if they have one.

Which podcasts are similar to The Application Security Podcast?

These podcasts share a similar audience with The Application Security Podcast:

1. Application Security Weekly (Audio)
2. Defense in Depth
3. CISO Series Podcast
4. SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
5. Smashing Security

How many episodes of The Application Security Podcast are there?

The Application Security Podcast launched 9 years ago and has published 294 episodes to date. You can find more information about this podcast, including rankings, audience demographics and engagement, in our podcast database.

How do I contact The Application Security Podcast?

Our systems regularly scour the web to find email addresses and social media links for this podcast. We scanned the web and collated all of the contact information that we could find in our podcast database. But in the unlikely event that you can't find what you're looking for, our concierge service lets you request our research team to source better contacts for you.

Where can I see ratings and reviews for The Application Security Podcast?

Rephonic pulls ratings and reviews for The Application Security Podcast from multiple sources, including Spotify, Apple Podcasts, Castbox, and Podcast Addict.

View all the reviews in one place instead of visiting each platform individually and use this information to decide if a show is worth pitching or not.

How do I access podcast episode transcripts for The Application Security Podcast?

Rephonic provides full transcripts for episodes of The Application Security Podcast. Search within each transcript for your keywords, whether they be topics, brands or people, and figure out if it's worth pitching as a guest or sponsor. You can even set up alerts to get notified when your keywords are mentioned.

What guests have appeared on The Application Security Podcast?

Recent guests on The Application Security Podcast include:

1. Akansha Shukla
2. Nariman Aga-Tagiyev
3. Marisa Fagan
4. Aram Hovsepyan
5. Sean Varga
6. Sarah Jane Madden
7. Dag Flachet
8. Jim Routh

To view more recent guests and their details, simply upgrade your Rephonic account. You'll also get access to a typical guest profile to help you decide if the show is worth pitching.
