The Future of Application Security is a podcast for ambitious leaders who want to build a modern and effective AppSec program. Doing application security right is really hard and we want to help other experts build the future of AppSec by curating the best industry insights, tips and resources. What’s the most important security metric to measure in 2024? It’s Mean Time to Remediate (MTTR). Download our new MTTR guide: https://lnkd.in/evjcf4Vt
Tromzo Podcasts

EP 60 - Appian’s Abdullah Munawar on Enhancing Product Security Amid Evolving Development Trends
21:05
In this episode of the Future of Application Security podcast, Harshil speaks with Abdullah Munawar, Director of Product Security at Appian. Abdullah shares valuable insights into his journey from security assessments and consulting to leading product security efforts, discussing the evolving challenges and strategies for building effective securit…

EP 59 - Nat Mokry on Advancing Application Security in the Gaming Industry
26:55
In our latest episode of the Future of Application Security podcast, Nat Mokry, VP of Application & Product Security at Xbox (formerly of Activision Blizzard at the time of recording), shares valuable insights into the world of application security, from the mission of defending player trust to emphasizing the importance of technical skills in cybe…

EP 58 — Asana's Felix Matenaar on Building Resilient Security Practices for the Future
32:45
In this episode of the Future of Application Security podcast, Harshil interviews Felix Matenaar, Head of Product Security at Asana. Felix shares insights into his journey from Germany to Silicon Valley, where he transitioned from mobile security to leading Asana's product security efforts. The conversation highlights Felix's experience in creating…

EP 57 — Clari's Steve Lukose on Using SLAs as Benchmarks for Businesses
27:05
In this episode of the Future of Application Security, Harshil speaks with Steve Lukose, Vice President of Security at Clari, about how security is becoming a business enabler rather than just an organization. Steve explains why SLAs will become one of the benchmarks for security experts to use, but that it won’t necessarily be for all aspects of s…

EP 56 — Aruneesh Salhotra on Why Security is Everyone’s Job
24:49
In this episode of the Future of Application Security, Harshil speaks with Aruneesh Salhotra, CEO and Fractional CISO, SNM Consulting Inc. They discuss the unique challenges and opportunities of application security in the financial sector, including how the "necessary evil" of regulations is increasing accountability around security efforts. They …

EP 55 — BlackBerry's Christine Gadsby on What's Driving Software Supplier Transparency and Accountability
26:21
In this episode of the Future of Application Security, Harshil speaks with Christine Gadsby, VP, Product Security at BlackBerry, a software company specializing in cybersecurity. They discuss the new initiatives driving software transparency, like SBOMs and VEX, and how adoption will not only come from regulations but from companies holding their s…

EP 54 — LPL Financial's Chad Girouard on Improving Application Security Through Better Tools and Relationships
23:43
In this episode of the Future of Application Security, Harshil speaks with Chad Girouard, AVP Application Security at LPL Financial, a provider of investment and business solutions. They discuss how security teams can better engage with developers, and how they can encourage secure coding through scanning tools and security champion programs. They …

EP 53 — ReversingLabs's Dave Ferguson on Securing Your Software Supply Chains
24:24
In this episode of the Future of Application Security, Harshil speaks with Dave Ferguson, Director of Technical Product Management, Software Supply Chain Security at ReversingLabs, which offers a software supply chain security analysis platform. They discuss the rising need for software supply chain security as a result of the complexities around how…

EP 52 — Gen’s Curtis Koenig on Speaking the Language of Why Security Matters
27:28
In this episode of the Future of Application Security, Harshil speaks with Curtis Koenig, Head of Application Security at Gen, a multinational software company that provides cybersecurity software and services. They discuss why it's key to be able to articulate why security matters and how it impacts business goals, and what Curtis has learned abou…

EP 51 — Ping Identity’s Arthur Loris on How to Tell Better Stories About Your Product Security Success
27:10
In this episode of the Future of Application Security, Harshil speaks with Arthur Loris, Senior Manager, Product Security at Ping Identity, a company that provides self-hosted identity access management (IAM) solutions. They discuss what product security constitutes at Ping Identity, the biggest challenge to great product security, and how security…

EP 50 — DryRun Security’s James Wickett on Aligning Incentives and Speaking the Same Language with Developers and Security
31:08
In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with James Wickett, co-founder and CEO of DryRun Security, a company that provides security products for developers. They discuss the misaligned incentives between developers and security and how teams can learn how to s…

EP 49 — Semgrep’s Colleen Dai on Building Security Strategies and Relationships with Other Teams
20:14
In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with Colleen Dai, Senior Security Researcher at Semgrep, an open source static analysis tool. They discuss strategies security teams can take to reduce false positives, use secure defaults to eliminate bug classes, and r…

EP 48 — Chaotic Good’s Johnathan Kuskos on Testing for Functionality, Priorities, and Better Incident Response
31:10
In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with Johnathan Kuskos, Founder of Chaotic Good Information Security, a boutique professional services company. They discuss what it's like to be a pen tester, some of the unusual things found during testing, and how the …

EP 47 — Manicode Security’s Jim Manico on Addressing OWASP Top Ten Issues Through Better Security and Developer Partnerships
26:38
In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with Jim Manico, Founder and CEO of Manicode Security, a secure coding education firm. They discuss the various challenges around certain items on the OWASP Top Ten list, including server side request forgery and access …

EP 46 — TuSimple’s Madjid Nakhjiri on the Evolving Need for Automotive Cybersecurity
24:03
In this episode of the Future of Application Security, Harshil speaks with Madjid Nakhjiri, Head of Product Security and Lead Security Architect at TuSimple, a global autonomous driving technology company. They discuss the current landscape of automotive security today, why the industry is expanding its safety initiatives to cyber security initiati…

EP 45 — Toast’s David Kosorok on Leading Application Security with Collaboration, Empathy, and Good Data
33:55
In this episode of the Future of Application Security, Harshil speaks with David Kosorok, Director of AppSec at Toast, a restaurant point of sale and management system. They discuss how to build an application security program from the ground up by prioritizing initiatives, establishing security champions, and bringing in great people — and why gat…

EP 44 — Workrise’s Tim Kelly on How to Build a Data-Driven Application Security Program
24:06
In this episode of the Future of Application Security, Harshil speaks with Tim Kelly, Director, Security Engineering at Workrise, a technology company with a platform that supports the energy workforce. They discuss the importance of collecting, storing, and analyzing data in order to enhance application security efforts, and how to go about buildi…

EP 43 — Avalara’s Derek Samford on Building a Security Culture with Data, Collaboration, Education, and Empathy
35:56
In this episode of the Future of Application Security, Harshil speaks with Derek Samford, Senior Director of Product Security at Avalara, a company that builds cloud-based tax compliance solutions. They discuss Derek's approach to product security, including how his team uses data to drive visibility, how feedback loops can build maturity, and how …

EP 42 — Snowflake’s Jacob Salassi on the Science of Product Security
38:00
In this episode of the Future of Application Security, Harshil speaks with Jacob Salassi, Director, Product Security at Snowflake, a cloud computing and data management company. They discuss how Snowflake approaches product security — from what they expect engineers and developers to do, to their risk-based reporting — and why Jacob takes a scienti…

EP 41 — SAP’s Helen Oakley on Protecting Human Well-Being by Securing Software Supply Chains
26:07
In this episode of the Future of Application Security, Harshil speaks with Helen Oakley, Lead Architect for Software Supply Chain Security at SAP, which develops enterprise software for business operations. They discuss the need for software supply chain security, especially considering how much of software is open source today, and what the curren…

EP 40 — Steve Springett on Solving Software Supply Chain Security and SBOM Challenges
33:58
In this episode of the Future of Application Security, Harshil speaks with Steve Springett. They discuss the broad definition of what software supply chain security is, the implementation of SBOMs after the White House's Executive Order, and how organizations can effectively adopt, operationalize, and use SBOMs. They also discuss the biggest driver…

EP 39 — A Modernized and Scalable Approach to Product Security with Origami Risk’s Prajakta Badhe
28:20
In this episode of the Future of Application Security, Harshil speaks with Prajakta Badhe, Head of Product Security at Origami Risk, which provides risk software to the insurance industry. They discuss how product security is different from application security, the ways in which Prajakta evaluates a product’s risk, and why she always gives context…

EP 38 — Avalara’s Anthony Ungerman on the Imperative for Security-Minded Organizations
29:34
In this episode of the Future of Application Security, Harshil speaks with Anthony Ungerman, VP Product Security at Avalara, a tax software company. They discuss what product security encompasses beyond application security, how the security team at Avalara works with engineers, and how they articulate business value to increase security implementa…

EP 37 — Choosing AppSec Priorities: Software Supply Chain, Code-to-Cloud Business Context and Metrics
55:51
Tanya Janca, Founder of We Hack Purple, and Eric Sheridan, Chief Innovation Officer at Tromzo, join us for a special episode of the Future of Application Security Podcast. This episode was originally recorded as a LinkedIn Live on June 25, 2023. Tanya and Eric discuss how understanding the context in which applications operate is crucial for effect…

EP 36 — Highspot’s Joe Basirico on How to Build Security by Building Trust
30:58
In this episode of the Future of Application Security, Harshil speaks with Joe Basirico, Senior Director of Product Security at Highspot, a sales enablement platform. They discuss how product security's evolution has increased its focus on relationships and trust-building, why security is like fixing a leaky faucet, and how to prioritize for more e…

EP 35 — Streamlining and Accelerating Your Product Security with iHerb’s Mike de Libero
25:21
In this episode of the Future of Application Security, Harshil speaks with Mike de Libero, Director of Product Security at iHerb, an online health and wellness shop. They discuss the ways in which automation helps lighten the workload and creates more consistency, when you need to hire someone for security automation, and what to look for when scal…

EP 34 — The Future of AppSec: People, Processes, and Progress with Coalfire’s Warren Kopp
30:00
In this episode of the Future of Application Security, Harshil speaks with Warren Kopp, Application Security Consultant at Coalfire, a cybersecurity advisor. Together they discuss how better application security involves building relationships with the people behind the processes, and why skills like communication, collaboration, and an understandi…

EP 33 — Democratizing Security and Implementing Change with Twilio’s Ariel Shin
39:36
In this episode of the Future of Application Security, Harshil speaks with Ariel Shin, Senior Product Security Engineer at Twilio, a company that provides businesses the tools to connect with customers through automated messaging. Ariel shares the story of how she implemented a democratized, centralized vulnerability management program at Twilio, w…

EP 32 — Leading with Context - Where Institutional Knowledge Cannot Scale
30:04
In the ever-evolving landscape of application security, organizations face the challenge of effectively scaling and growing their AppSec programs. On this episode of the Future of Application Security podcast, Harshil Parikh interviews Ty Sbano, the CISO of Vercel, who brings years of experience and expertise in the field of cybersecurity. During t…

EP 31 — Cloudflare’s Sri Pulla on Building Collaboration and Synergies for Better Product Security
24:55
In this episode of the Future of Application Security, Harshil speaks with Sri Pulla, Director, Application Security at Cloudflare, a company that wants to "build a better internet" through its cloud platform of network services. They discuss how Cloudflare protects its products, uses risk scoring for prioritization and decision making, and why the…

EP 30 — C.H. Robinson’s Jason Espone on Building Business Resiliency Through Application Security
32:10
In this episode of the Future of Application Security, Harshil speaks with Jason Espone, Global Head — Application Security Engineering | Cybersecurity at C.H. Robinson, the world’s most powerful logistics platform allowing customers to ship goods around the world. They discuss the challenges of addressing tech debt at a 117-year-old company, strat…

EP 29 — A Conversation on the State of AppSec with Reddit’s Matt Johansen and Semgrep’s Clint Gibler
37:28
In this special edition of the Future of Application Security podcast, Harshil speaks with Matt Johansen, Principal Security Architect at Reddit, a community and content-sharing site, and Clint Gibler, Head of Security Research at Semgrep, an open source static analysis tool. Together they discuss how the world of AppSec has changed, including the …

EP 28 — Injecting Better Security into Products and Processes with Dremio’s Emre Saglam
37:00
In this episode of the Future of Application Security, Harshil speaks with Emre Saglam, Head of Security and Compliance at Dremio, a data lakehouse that empowers data engineers and analysts with easy-to-use self-service SQL analytics. They discuss the current state of AppSec, including how to improve security by prioritizing business implications, …

EP 27 — Mohit Kalra: How Sprinklr Scales Product Security
36:40
In this episode of the Future of Application Security, Harshil speaks with Mohit Kalra, Vice President of Product Security at Sprinklr, a platform that enables the world's largest enterprises to market, advertise, research, care, and engage consumers. Together, they take a look at the overall management of product security in a SaaS organization th…

EP 26 — Derek Fisher: How Envestnet Scales Product Security
38:45
In this episode of the Future of Application Security, Harshil speaks with Derek Fisher, the Head of Product Security at Envestnet, a publicly traded financial technology company that connects people's daily financial decisions with their long-term financial goals. Derek is a highly accomplished professional with an exceptional track record in engi…

EP 25 — Navigating the Complex World of Software Supply Chain Security with Schneider Electric’s Cassie Crossley
39:23
In this podcast episode of the Future of Application Security, Harshil speaks to Cassie Crossley, VP of Supply Chain Security at Schneider Electric, a global specialist in energy management and automation. Cassie is responsible for overseeing the cybersecurity strategy and ensuring the security of the company's products and services. With a wealth …

EP 24 — Innovating Application Security with Industry Expert Eric Sheridan
29:23
In this special episode of the Future of Application Security, Harshil interviews Eric Sheridan, Tromzo’s recently appointed Chief Innovation Officer. Eric shares his 20-year journey in security, from his teenage encounter with Punters (little apps that would flood the target with AIM messages and knock them offline) to developing innovative securi…

EP 23 — Martin Nystrom: How Lumen Scales Product Security
30:53
In this episode, Harshil is joined by Martin Nystrom, Vice President of Product Security at Lumen. Lumen is the world’s largest provider of communications, network services, and cloud security solutions. The Lumen platform enables companies to capitalize on emerging technologies and next-gen business applications, offering simplified security solut…

EP 22 — How to Find the Right Balance Between Compliance and Security with KnowBe4’s Senior Director of Product Security, Bradley Petzer
28:21
KnowBe4 is the world's largest integrated Security Awareness Training and Simulated Phishing platform. KnowBe4’s training program is designed to help organizations address their most pressing IT security issues. With proper security awareness training, teams are able to make better security decisions, and help build a strong security culture within…

EP 21 — Red Hat’s Emmy Eide on How To Build A Strong Software Supply Chain Security Program
30:30
In this episode, Harshil chats with Emmy Eide, Director of Product Security at Red Hat, a leading provider of open source software solutions that enable enterprises to seamlessly work across various platforms and environments. Emmy shares how she came to lead the team handling software supply chain security at Red Hat, and gives us a look into what…

EP 20 — Naomi Buckwalter: Closing the Demand Gap in Cybersecurity and Building Diverse Teams
35:56
In this episode, Harshil is joined by Naomi Buckwalter, Director of Product Security at Contrast Security. Contrast Security is an application security platform that helps developers and security teams write secure code and protects business applications against targeted cybersecurity attacks. The Contrast platform is able to effectively identify a…

EP 19 — Kevin Paige, CISO: How Supply Chain Company Flexport Scales AppSec
32:31
Technology has been growing by leaps and bounds but most supply chain processes for shipping, storing, and trading goods have remained fragmented. Flexport is the first to connect the entire ecosystem of global trade, empowering buyers, sellers and logistics providers to grow and innovate. Flexport’s platform sets a new standard for global trade by…

EP 18 — Daniel Wood, CISO: How Unqork Scales Product Security
35:44
Unqork is a no-code application platform that helps large enterprises rapidly build complex custom software by completely removing the usual development challenges of a traditional code-based approach. In this episode, Harshil chats with Unqork’s Chief Information Security Officer, Daniel Wood, to learn more about how he’s helped build and scale th…

EP 17 — SolarWinds VP of Security Tim Brown: Behind the Scenes of the 2020 SolarWinds Breach
34:45
Those in IT, DevOps, and SecOps are all too familiar with the demands of a complex and dynamic technological landscape. For more than two decades, SolarWinds has helped technology professionals and organizations manage and adapt to an ever-expanding ecosystem of IT applications and infrastructure. In this episode, Tim Brown, Vice President of Secur…

EP 16 — Mukund Sarma: How Chime Built a Scalable Product Security Program
36:56
Chime, one of the fastest growing players in the financial technology space, has a mission of providing financial stability for their customers by eliminating many of the issues that come with traditional banking. In today’s episode, Mukund Sarma, Director of Product Security at Chime, shares how he helps his team address the challenges in building…

EP 15 — Tejpal Garhwal: How Pegasystems Scales AppSec
33:07
Pegasystems’ Pega Platform is a powerful low-code platform for AI-powered decisioning and workflow automation. The platform makes it easier for enterprises to work smarter, unify experiences, and quickly adapt. As a publicly traded company with a multi-billion dollar market cap, more than 6,000 employees, and a global customer base, security is cri…

EP 14 — Mark Stanislav: How FullStory Continuously Measures and Improves Its Product Security Maturity
37:48
FullStory’s mission is to equip organizations with the information they need to deliver perfect digital experiences. To deliver on that mission, their platform captures customer experience data based on understanding browser interactions. In order to capture that data, it must have a position on the end user’s browser which requires a high level of…

EP 13 — Daniel Harvey: How to Shift from Application Security to Product Security
28:10
The pace of software development has increased dramatically over the past ten years and the traditional approach to application security has struggled to keep up. With modern development going from code to cloud within hours, manual security checks and code reviews run the risk of slowing down releases and creating more tension between developers a…

EP 12 — Rajat Bhargava: How Stripe Built a Highly Scalable AppSec Program
28:23
Stripe is the most valuable private startup in the United States with a market valuation of more than $95 billion. With more than 2 million customers spread across 46 countries and nearly 10,000 employees, the scale of Stripe is hard to fathom. To retain its position as the market leader, Stripe must continue to rapidly ship new products while at t…

EP 11 - Anshuman Bhartiya: Lessons From Building Thirty Madison’s Product Security Program
40:17
Thirty Madison is a healthcare technology company that offers direct-to-consumer healthcare and wellness products for people living with chronic conditions. Founded in 2017, the company has raised over $200 million in funding and has more than 400 employees. As a healthcare company with millions of customers, Thirty Madison has the responsibility o…