In this conversation, Robert Wood and Gunnar Peterson delve into the complexities of application security (AppSec), discussing its evolution, the importance of building effective AppSec programs, and the need for engaging developers in security practices. They explore the blurred lines between cloud security and application security, the role of posture management tools, and the significance of an asset-centric approach to security. Gunnar emphasizes the importance of understanding key use cases and platforms within an organization, as well as the need for security professionals to broaden their skill sets to navigate the changing landscape of cybersecurity effectively.Takeaways

• Application security is evolving, requiring a focus on both technology and human factors.
• Understanding the organization's current state is crucial for building an effective AppSec program.
• Coverage and efficacy are key metrics for assessing AppSec initiatives.
• Engaging developers is essential for successful security practices.
• In larger organizations, security efforts can become check-the-box activities.
• The lines between cloud security and application security are increasingly blurred.
• Posture management tools are emerging to address skill gaps in AppSec.
• An asset-centric approach to security is gaining traction in the industry.
• New security professionals should prioritize understanding key business use cases.
• The future of security will require blending traditional practices with new technologies.

Sound Bites

• "Good judgment comes from experience."
• "You have to have the humility to recognize."

Chapters00:00  Introduction to Application Security and Its Evolution02:59. Building an Effect...