Coffee, Chaos & ProdSec is where cybersecurity meets caffeine-fueled chaos. Hosts Kurt (security architect and chaos tamer) and Cameron (ProdSec wrangler and DevSecOps junkie) dive into hacking, AppSec, supply chain failures, AI surprises, and the everyday madness of defending modern systems. With humor, sharp insight, real breach breakdowns, bad password confessions, and a few questionable impressions, they explore the messy reality of security and how teams survive it. New episodes Every W ...
Coffee, Chaos And ProdSec Podcasts
Ep 14 - DevSecOps Without the Buzzwords - What It Really Takes to Build Secure Software
1:09:57
🎙️ Coffee, Chaos and ProdSec - Ep 14 DevSecOps gets thrown around in cybersecurity more than any other term, but almost no one agrees on what it actually means. So this week, Kurt and Cameron pour fresh mugs and unpack the real practices behind modern Application Security, Product Security, DevSecOps, and Software Supply Chain Security without the …
Ep 13 - Untangling Cloud Security - Foundations, Failures, and What Teams Miss
1:03:47
🎙️ Coffee, Chaos & ProdSec – Episode 13 This week, Cameron and Kurt tackle the questions everyone claims to understand but absolutely argues about in every cloud meeting. What is the cloud really? Why is identity suddenly the perimeter? And how did Kubernetes quietly become everyone’s new production environment? We break down the real concerns behi…
Ep 12 - OWASP Top 10:2025 RC1 Breakdown - The Vulnerabilities That Refuse To Die
1:04:57
🎙️ Coffee, Chaos & ProdSec - Ep 12 The OWASP Top 10:2025 RC1 is here, and it is already causing chaos. So this week, Kurt and Cameron grab their mugs and break down every category with real world stories, honest takes, and a few spicy opinions on why some vulnerabilities just will not go away. From Broken Access Control dominating the charts again,…
Ep 11 – Google vs FFmpeg - The Open Source Meltdown
58:19
🎙️ Coffee, Chaos & ProdSec – Episode 11 This week, Kurt and Cameron break down the showdown between Google’s Big Sleep AI and the FFmpeg maintainers keeping the internet’s media backbone running for free. A tiny bug in a 1995 video codec sparked a big debate about responsibility, AI-driven vulnerability hunting, and the growing strain on open sourc…
Ep 10 - From Chaos to Controls - The Story Behind OWASP SPVS
49:36
🎙️ Coffee, Chaos & ProdSec – Ep 10 This week, Cameron and Kurt sit down with the co-founders of the OWASP Secure Pipeline Verification Standard to unpack the real story behind SPVS and why the industry desperately needed a pipeline-focused security standard. From the early days of chaotic DevSecOps practices and scattered controls, to the moment th…
Ep 09 - Secrets in the Code - How Leaked Keys Can Sink a Ship
54:21
Ever pushed an API key at 2 a.m. and hoped nobody noticed? In this episode, we dig into one of the most preventable but devastating security failures: secrets in code. From leaked AWS keys and OAuth tokens to misconfigured GitHub Actions, we explore how small oversights can open the door to massive breaches, and why this problem keeps growing every…
Ep 08 - Hack the Stack - Inside the Chaos of Pen Testing
1:11:08
What really happens when you “hack the stack”? In this episode, we pull back the curtain on the messy, brilliant world of penetration testing, from corporate networks and VPNs to APIs, CI/CD pipelines, and live production systems. We explain what pen testing actually is, why it’s often misunderstood, and how the best testers balance creativity, cur…
Ep 07 - Access (Out of) Control - Tales of Permissions Gone Wild
57:31
Who left the keys under the mat? In this episode, we unlock the chaos behind broken access control, from S3 buckets of doom to interns with production privileges. We share real-world stories of “everyone’s an admin,” zombie accounts, and permission creep that turned harmless systems into ticking time bombs. Then we dig into why this keeps happening…
Ep 06 - The Break Down - So You Wanna Be a ProdSec Pro?
1:02:53
Thinking about breaking into Product Security? In this episode, we lay out the roadmap, how to start, what to learn, and how to thrive once you land the role. We share our own origin stories, the detours we took to get here, and the lessons we learned the hard way along the way. Then we dig into the skills that matter, from threat modeling and secu…
Ep 05 - War Stories - The Most Interesting Attacks We’ve Witnessed
55:02
Where were you when Log4j hit? In this episode, we revisit some of the wildest moments in modern AppSec and ProdSec history, from dependency chaos and credential leaks to the late-night incidents that taught us the most. We talk through real (and an0nym1z3d) stories that shaped how we think about risk, response, and resilience. We break down what a…
Ep 04 - Peering into the Crystal Ball - Trends Shaping the Future of ProdSec
1:05:04
What’s next for Product Security? In this episode, we dust off the crystal ball and predict how the next wave of technology will reshape the field. From zero-downtime patching and ephemeral secrets to “observability as security,” we explore what’s real progress and what’s pure hype. We dive into DevSecOps trends like AI-driven automation, ASPM, min…
Ep 03 - The Gauntlet - Top Challenges in Production Security Today
56:29
Why is ProdSec so challenging? In this episode, we run through the real-world gauntlet of modern production security, scaling secrets management, securing ephemeral infrastructure, and keeping pace with relentless deployment cycles. We dig into why these problems persist and what’s finally starting to work. From cloud misconfigurations and pipeline…
Ep 02 - Passion Projects - What Gets Us Fired Up About ProdSec
47:55
What keeps security folks up at night, and what gets us out of bed in the morning? In this episode, we get personal about the parts of ProdSec that inspire, frustrate, and challenge us most. From building secure-by-default pipelines to chasing the thrill of catching bugs before they bite, we share what fuels our obsession with protecting products a…
What even is Product Security? In this kickoff episode, we break down what makes ProdSec the connective tissue between AppSec, DevSecOps, and engineering. We unpack why it exists, how it differs from other security domains, and why every modern product team needs it, even if they don’t realize it yet. Then we explore what real-world ProdSec looks l…
Ep 00 - Coffee, Chaos & ProdSec: A Caffeinated Dive into Cybersecurity Mayhem
1:50
🎙️ Coffee, Chaos & ProdSec - Official Trailer Ever wish cybersecurity came with caffeine, chaos, and a few laughs? Welcome to Coffee, Chaos & ProdSec, where your hosts Kurt (security architect and chaos tamer) and Cameron (ProdSec wrangler and reformed script kiddie) brew up weekly conversations on the wild world of modern security. From real-world…