Rephonic

The Application Security Podcast

Chris Romeo and Robert Hurlbut
Application Security
Cybersecurity
Threat Modeling
OWASP
Vulnerability Management
Education
Artificial Intelligence
Devsecops
Secure Guardrails
Software Development
API Security
Penetration Testing
EU Cyber Resilience Act
Product Security
Devops
Startups
Local Chapters
Funding Models
Gaming
Security Champions

Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris...

Publishes: Weekly
Episodes: 300
Founded: 10 years ago
Categories: News, Tech News, Technology

Latest Episodes

GitGuardian found 29 million hard-coded secrets leaked in public GitHub commits in a single year, a 34% jump and the biggest spike they've ever recorded. Dwayne McDaniel joins to break down why AI coding tools, MCP servers, and a false sense of secur...

AI isn’t just helping developers anymore; it’s writing the code, and that changes everything. In this episode, Tanya Janca breaks down “vibe coding,” the hidden security risks behind it, and how teams need to rethink AppSec from the ground up. If you...

Caroline Wong, author of The AI Cybersecurity Handbook and Chief Strategy Officer at Axari, is back! Caroline shares how AI is rapidly changing AppSec, driving massive increases in code, accelerating risk, and challenging traditional security practic...

In this episode of the Application Security Podcast, Chris Romeo and Robert Hurlbut welcome back Steve Wilson, a global leader in AI security and Chief AI and Product Officer at Exabeam, as well as founder of the OWASP Gen AI Security Project.

Steve...

Similar Podcasts

People also subscribe to these shows.

Defense in Depth (David Spark, Steve Zalewski, Geoff Belknap)
Risky Business (Risky Business Media)
CISO Series Podcast (David Spark, Mike Johnson, and Andy Ellis)

Recent Guests

Dwayne McDaniel
Principal developer advocate focused on secret security and non-human identity governance at GitGuardian
GitGuardian
Episode: Dwayne McDaniel -- Secrets Sprawl and How AI is Impacting Secrets
Caroline Wong
Author and Chief Strategy Officer at Axari
Axari
Episode: Caroline Wong--The AI Cybersecurity Handbook
Steve Wilson
Chief AI and Product Officer at Exabeam; founder and co-chair of the OWASP Gen AI Security Project
Exabeam; OWASP Gen AI Security Project
Episode: Steve Wilson--OpenClaw and Advanced AI Agents
Brad Geesaman
Principal security engineer at Ghost
Ghost
Episode: Brad Geesaman - Redefining AppSec with AI: Shrinking Toil, Expanding Impact - How LLMs are able to reduce toil in triage-heavy AppSec workflows
Francesco Cipollone
Seasoned entrepreneur and CEO of Phoenix Security, a contextual-based vulnerability management platform
Phoenix Security
Episode: Francesco Cipollone - Agentic AI Manifesto
Akansha Shukla
An information security professional with over 10 years of experience in application security, DevSecOps, and API security.
Women4Cyber
Episode: Akansha Shukla - Modern AppSec: Securing APIs with Threat Modeling and DevSecOps
Nariman Aga-Tagiyev
An application security expert with over two decades of software development experience
Episode: Getting Ready for the EU CRA
Marisa Fagan
Head of product at Katilyst, a security champions as a service startup
Katilyst
Episode: Marisa Fagan - Measuring Security Culture
Aram Hovsepyan
Expert in security metrics and researcher
Kodifik & OWASP SAM Core Team
Episode: Aram Hovsepyan -- Your Security Dashboard is Lying to You: The Science of Metrics

Hosts

Chris Romeo
VP of Security Compass and a general partner at Kerr Ventures; co-host with a long-running focus on application security, threat modeling, and DevSecOps.
Robert Hurlbut
Principal Product Security Architect and Threat Modeling Trainer with extensive experience in threat modeling and security metrics.

Reviews

4.9 out of 5 stars from 74 ratings
  • Empowering, insightful and actionable! 🔥

    Whether you’re well established as an AppSec innovator, or just getting started as a catalyst for change - this is a must-listen podcast for you! Chris and Robert do an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of staying on the cutting edge of data security and privacy - with leaders who’ve actually experienced success themselves. Highly recommend listening and subscribing!

    Apple Podcasts
    5
    JoshCrist
    United States, 5 years ago
  • Best AppSec Podcast

    Interesting subjects and interviews. These guys know their stuff. Aren’t afraid to admit when they don’t know a lot about a topic. Just like me we are all here to learn from experts in the field of AppSec. They ask the most interesting and relevant questions of their guests.

    Keep up the great work!!

    Apple Podcasts
    5
    mjdecap
    United States, 6 years ago
  • awesome and very informative!

    Proud to give you a 5-star review! Well worth it!

    Apple Podcasts
    5
    holysheetman
    United States, 8 years ago
  • For developers and testers

    Best podcast for web application developers and testers. Vulnerabilities and controls in the same place.

    Apple Podcasts
    5
    Eepica
    United Kingdom, 9 years ago

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

Guests consistently deliver practical guidance and honest questions.
The show is useful for developers and security engineers alike, with focused topics on AI, threat modeling, and culture.
Audience notes that questions are relevant and the conversations stay on topic for security teams.
Listeners praise approachable, actionable AppSec discussions with real-world insights.

Top Technology Podcasts

Acquired (Ben Gilbert and David Rosenthal)
Tomorrow, Today (Shekhar Natarajan)
The Room Podcast (Claudia Laurie and Madison McIlwain)
Hard Fork (The New York Times)
Building AI Boston (Building AI Boston)
Eye On A.I. (Craig S. Smith)

Talking Points

Recent interactions between the hosts and their guests.

Dwayne McDaniel -- Secrets Sprawl and How AI is Impacting Secrets
Q: Why is there such a large jump in secret leakage, and how much is AI contributing?
Leakage growth outpaced overall coding activity, and while AI tools correlate with spikes in leakage (especially during periods when new models were rolled out), the issue is broader—tools change how data is produced, but root causes include vault sprawl, misconfigurations, and insufficient governance; AI accelerates both leakage and the potential for better detection and remediation.
Dwayne McDaniel -- Secrets Sprawl and How AI is Impacting Secrets
Q: What are the primary data sources feeding the State of Secret Sprawl 2026 report?
The biggest source is GitHub Public events, with a focus on commits and secrets that move from private to public; additional internal data from customers and research into public access incidents augment the findings.
Steve Wilson--OpenClaw and Advanced AI Agents
Q: How much trust do you put into AI agents creating code, given the current state of technology?
Trust depends on risk tolerance and the ability to enforce controls; use an intern-like approach with access gates and ensure continuous runtime monitoring to catch misbehaviors as the system scales.
Francesco Cipollone - Agentic AI Manifesto
Q: What are some of the key principles or pillars of the manifesto that are important here to talk about?
Francesco discusses principles like not demonizing LLMs, using agents to aid humans, and emphasizing security and privacy by design.
Francesco Cipollone - Agentic AI Manifesto
Q: What is the agentic AI manifesto and what motivated you to create it?
Francesco explains that the manifesto arose from the need to apply AI sensibly, emphasizing human agency over AI's capabilities and addressing potential pitfalls of uncritical AI adoption.

Frequently Asked Questions About The Application Security Podcast

What is The Application Security Podcast about and what kind of topics does it cover?

The show centers on practical application security, threat modeling, and DevSecOps, often featuring security leaders who blend hands-on expertise with strategic thinking. Episodes frequently explore AI's impact on AppSec, secure development practices, and how to measure and improve security culture, with a bias toward actionable guidance for teams, developers, and security professionals. A notable strength is its ability to translate complex topics into accessible language, making it useful for both practitioners and leaders looking to elevate their security programs. The mix of industry veterans and active practitioners tends to generate candid discussions about tooling, processes, and real-world outcomes, which can help listeners benchmar...

Where can I find podcast stats for The Application Security Podcast?

Rephonic provides a wide range of podcast stats for The Application Security Podcast. We scanned the web and collated all of the information that we could find in our comprehensive podcast database. See how many people listen to The Application Security Podcast and access YouTube viewership numbers, download stats, audience demographics, chart rankings, ratings, reviews and more.

How many listeners does The Application Security Podcast get?

Rephonic provides a full set of podcast information for three million podcasts, including the number of listeners. View further listenership figures for The Application Security Podcast, including podcast download numbers and subscriber numbers, so you can make better decisions about which podcasts to sponsor or be a guest on. You will need to upgrade your account to access this premium data.

What are the audience demographics for The Application Security Podcast?

Rephonic provides comprehensive predictive audience data for The Application Security Podcast, including gender skew, age, country, political leaning, income, professions, education level, and interests. You can access these listener demographics by upgrading your account.

How many subscribers and views does The Application Security Podcast have?

To see how many followers or subscribers The Application Security Podcast has on Spotify and other platforms such as Castbox and Podcast Addict, simply upgrade your account. You'll also find viewership figures for their YouTube channel if they have one.

Which podcasts are similar to The Application Security Podcast?

These podcasts share a similar audience with The Application Security Podcast:

1. Application Security Weekly (Audio)
2. Defense in Depth
3. Risky Business
4. CISO Series Podcast
5. The AI Daily Brief: Artificial Intelligence News and Analysis

How many episodes of The Application Security Podcast are there?

The Application Security Podcast launched 10 years ago and has published 300 episodes to date. You can find more information about this podcast, including rankings, audience demographics and engagement, in our podcast database.

How do I contact The Application Security Podcast?

Our systems regularly scour the web to find email addresses and social media links for this podcast. We scanned the web and collated all of the contact information that we could find in our podcast database. But in the unlikely event that you can't find what you're looking for, our concierge service lets you request our research team to source better contacts for you.

Where can I see ratings and reviews for The Application Security Podcast?

Rephonic pulls ratings and reviews for The Application Security Podcast from multiple sources, including Spotify, Apple Podcasts, Castbox, and Podcast Addict.

View all the reviews in one place instead of visiting each platform individually and use this information to decide if a show is worth pitching or not.

How do I access podcast episode transcripts for The Application Security Podcast?

Rephonic provides full transcripts for episodes of The Application Security Podcast. Search within each transcript for your keywords, whether they be topics, brands or people, and figure out if it's worth pitching as a guest or sponsor. You can even set up alerts to get notified when your keywords are mentioned.

What guests have appeared on The Application Security Podcast?

Recent guests on The Application Security Podcast include:

1. Dwayne McDaniel
2. Caroline Wong
3. Steve Wilson
4. Brad Geesaman
5. Francesco Cipollone
6. Akansha Shukla
7. Nariman Aga-Tagiyev
8. Marisa Fagan

To view more recent guests and their details, simply upgrade your Rephonic account. You'll also get access to a typical guest profile to help you decide if the show is worth pitching.
