Episode Summary: Application Paranoia S6EP1

In the Season 6 premiere of Application Paranoia, hosts Colin Bell, Rob Cuddy, and Kris Duer kick off a new theme: debunking the top 10 myths about application security—one myth per episode.

They warm up with some lighthearted commentary on new workplace trends like “coffee badging” and the rise of “corp core” attire before diving into a fascinating conversation with Kinny Chan, Chief Commercial Officer at Trust Stamp.

Kinny shares his unique career journey from law to the cutting edge of digital identity and privacy, explaining how electronic discovery evolved from paper documents to complex digital evidence, and the challenges of handling sensitive data in litigation.

The discussion then pivots to the core topic of digital identity in an age where emails, chats, and advanced AI can fake voices and images. Kinny highlights the critical role of biometrics—like facial, palm, and gait recognition—while unpacking the challenges of ensuring liveness and authenticity.

The conversation tackles the limitations of current authentication methods (passwords, devices, biometrics), the risks of centralized identity systems, and the promise of decentralized solutions for greater privacy and control. Kinny also introduces Trust Stamp’s innovative approach of using biometric tokens and data shards to enhance both security and user privacy.

For listeners seeking practical advice, the episode covers essential tips for protecting your digital identity: monitoring your credit report to combat synthetic identity fraud, using unique email addresses, and educating children and grandparents about the dangers of deepfakes and the importance of verification.

The episode concludes with Kinny’s emphasis on using a combination of something you know, something you have, and something you are for strong authentication—and the urgent need to keep evolving digital identity protections as technology rapidly advances.

Key Takeaways:

• Digital identity is increasingly complex due to new technologies and AI.
• Biometrics offer promise but also introduce new challenges.
• Decentralized identity solutions may offer better privacy and control.
• Practical tips: monitor credit reports, use unique emails, and educate about deepfakes and verification.

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

In this  episode our special guest is Mark Spears.

Mark is currently a Principal Security Consultant at Solis Security. Having fulfilled significant time as a network defender and vCISO dealing with writing and testing InfoSec Programs and dealing with auditors and endless reporting, he has now re-focused his time on Penetration Testing to get his fill of offensive security operations. So Red Pill or Blue Pill?

A lot of his most recent education and skill focus has been on helping companies with their Web Application security through Secure-SDLC practices including configuration of Web Application Firewalls and Zero Trust solutions. When not enjoying his work at Solis Security, he can be found practicing physical security, lock picking, social engineering, or hardware hacking. Or, out on a Harley Davidson!

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

In this episode the interviewvers be come the interviewd as David Rubinstien interviews  Colin, Rob and Kris for his recent SD times articale on  Discerning reality from the hype around AI. You can read his article here at the following link

https://sdtimes.com/ai/discerning-reality-from-the-hype-around-ai/

David is the Publishing Director and Editor-in-Chief, SD Times and ITOps Times
Conference Chairman, VSMcon; Improve: Test and Productivity
and  Co-founder and Chief Operating Officer, D2Emerge LLC

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

In this weeks episode our special guest is Tanya Janca who is helping the team discuss all things Security in the Devlopment space. 

Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the head of education and community at Semgrep!  As the founder of We Hack Purple, Tanya is bringing her security training to Semgrep customers and beyond. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an Advisor for NordSec and Katilyst and the Founder of We Hack Purple, OWASP DevSlop, WoSECShe and the very popular #CyberMentoringMonday.  She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

In this weeks episode our special guest is Ray [Redacted] who is helping the team discuss all things Posture Management. 

Ray is a Technologist & researcher for a Fortune 50 corporation and Associate Producer Emeritus of Jack Rhysider’s critically acclaimed hacker podcast “Darknet Diaries.”  “Ray is particularly interested in researching nation state APT activities, and he is known online for being passionate about Mental Health Care issues as it relates to information and cybersecurity.

https://twitter.com/RayRedacted
https://twitter.com/DarknetDiaries

Hey everyone, welcome back to Application Paranoia!  Colin Bell, Rob Cuddy, and Kris Duer are excited to kick off season 5!

For our first episode of 2024, we're joined by a special guest: Mike Khusid! Mike is the new Head of Product Management for HCL AppScan, and he brings a wealth of experience from companies like Codacy, Contrast, Red Hat, Akamai, Veracode, and Zerto. We're thrilled to have him on the show!

In this episode, we're diving deep into the hottest application security trends for 2024.  Get ready for insights from a seasoned pro and buckle up for a season packed with valuable information!

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

In this weeks episode our special guest is Ken Fanger who is an  acclaimed speaker, author, and cyber security expert, who is focused on making a better world with less fear and more function. 

Ken's current campaign is to "humanize security," a fundamental change toward a more holistic approach to cyber resilience and recovery.  Ken is also one of fewer than 2,000 people to hold the designation of CMMC-RP (Cybersecurity Maturity Model Certification Registered Practitioner), helping businesses with federal contracts to meet the new Department of Defense cybersecurity standards. 

Ken also has a new book that was released this past summer called Relax A Guide to True Cybersecurity which is available through Amazon.

The team also outline the Words of 2023.  

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

In this weeks episode our special guest is Pete Morgan who is a leading expert in cloud security and compliance. He is the co-founder and CSO of Phylum (https://www.phylum.io/), a cloud security company that helps organizations to protect their cloud environments and achieve compliance with industry regulations.

Pete helps unpack some best practices around software supply chain security and outlines how his company Phylum helps organizations contextualize the associated risks from open source.

The team also discuss College Football, the Rugby World Cup, U2 in Las Vegas,  room temperature semiconductors and the invention of starlite https://en.wikipedia.org/wiki/Starlite in the 1980's.

If you are interested in generative AI, we have got a real treat in store for you!.  In this episode we are thrilled to be joined by startup co-founder, self-proclaimed tech geek and corporate, nonprofit and government executive Stephanie Sylvestre.  Stephanie is a Harvard's Advanced Leadership (ALI) fellow and her company, Avatar Buddy, uses generative AI to close the achievement gap and address vexing social justice issues. You can learn more about the awesome work Stephanie is doing to help promote black professionals and places where people can be free to be vulnerable in their journey to wealth by going to https://www.avatarbuddy.ai/products

We also take a few minutes to discuss some of the great new capabilities in the latest versions of AppScan AND you won't want to miss the discussion on some of the most amazing story of "GPS art meets love story" that we have ever heard about

So join us as we dive into Season 4, Episode 5 of Application Paranoia—your ultimate guide to application security, DevSecOps, and the HCL AppScan family. Let's embark on this transformative journey together!

Brace yourselves as we embark on a ground breaking adventure, joined by our esteemed guests, the remarkable Julie Reed our Product Manager for HCL AppScan on Cloud and the insightful Urmi Chatterjee our Static Engine Lead Engineer. Julie and Urmi will take us on a thrilling journey as they introduce the highly anticipated launch of HCL AppScan 360º. Get ready to hear about the cutting-edge technology, unparalleled insights, and expanded AppSec options of this brand new offering. 

So join us as we dive headfirst into Season 4, Episode 4 of Application Paranoia—your ultimate guide to application security, DevSecOps, and the awe-inspiring launch of HCL AppScan 360º. Let's embark on this transformative journey together!

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

In this  episode our team cover the following;

• Digital Transformation & Application Modernization
• Kris's second winter
• May the 4th festival in Malin Head
• and more!

Guest:  Soloman Barghouthi fromCAST Software

We are thrilled to have Solomon as our guest on this episode. With over 15 years of progressive leadership experience, Solomon is a highly credible, customer-centric, and decisive leader who is deeply committed to ensuring customer satisfaction. As a strategic thinker and resourceful problem solver, Solomon has an innate ability to see the big picture and guide clients through their digital transformation journey. He is particularly skilled at building skilled technical Sales teams, and has a proven track record of success in this area.

Solomon is also a trusted advisor and an exceptional communicator with outstanding presentation skills. He has a natural talent for building relationships with both technical and non-technical audiences, even in diverse global environments. His expertise and dedication to customer satisfaction make him an invaluable asset to any team, and we're thrilled to have him as our guest .

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

In this  episode our team cover the following;

• March Maddness review
• Fever treatment experiments
• Worst April Fool of 2023

Rob talks to Stephanie Sylvestre on How to advocate for women in IT

The team talk to John Dickson on all things appsec including;

• SBOM's are not enough
• Supply Chain requirements
• The Pantry problem and how it relates to supply chain
• The impact of developer turnover
• The future of supply chain and CISO influence
• Security Champions
• San Antonio Airport
• What factors are important for students wanting to get into app security

Ref : The State of CISO Influence survey 

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

For our first episode this season we hosted a live session at the Agile Internation Conference in Miami Florida on 9th and 10th March.

Our Panel included  both
James Grenning  (Coach and Agile technical trainer for Wingman software) and
David Ralph (Director of Software Engineering form Allview).

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

In this weeks episode our special guest is Quantum Computing expert André König

André is a published author, speaker and expert on DeepTech with 25 years of Fortune 500, investing and startup experience. He is the CEO of Interference Advisors, the premier BI provider in Quantum Tech,  Chairman of OneQuantum, the leading Quantum Tech community globally with 35K+ members, and Managing Partner of Entanglement Capital, a Quantum Tech investment fund and startup accelerator.

He studied Quantum Computing at MIT (certificates) and holds a MBA in Economics from the University of Chicago Booth School of Business as well as a Masters in Business from ICN School of Management.

Learn more at https://www.andrémkönig.com/ and join the quantum computing community at https://onequantum.org/

His site is: https://www.andrémkönig.com/

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another application paranoia session.

In this weeks episode the team meet with special guest  Charlotte Chang

Charlotte is a Technology Product Strategist with nearly 20 years of experience. She enjoys working with executives, managers, and teams to create Systems of Compassion that provide a sustainable, humane, inclusive experience for all contributors throughout product development. 

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another application paranoia session.

In this weeks episode the team meet with special guest  Rick Regueira.  Rick is a seasoned Enterprise & Executive Agile Coach & Trainer, Consultant, Project Manager, and IT professional. He is vastly experienced in leading and mentoring successful Organizational Agile transformations of several fortune 500 companies.

If you would like to personally connect with Rick, you can find him on LinkedIn at https://www.linkedin.com/in/rickregueira/.

If you are interested in connecting with other agile professionals or learning more about agile, visit Transformation Experts at https://www.teculture.com/ and see their events section. Finally, if you would like to attend the next Agile International Conference March 16-17 2023, visit https://www.agileinternational.org/aic-2023

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another application paranoia session.

In this weeks episode the team meet with special guest  Cody Travis who is a senior application security specialist at HCL Software.  In this Episode the team discuss the post pandemic virtues of hybrid working,  Penetration Testing practices, blockchain and cyrpto investments.

Also find out why it is not good to be considered Cordless.

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another application paranoia session.

In this weeks episode the team meet with special guest  Zoe Braiterman who is an Information Security Leader, Consultant / Researcher who is passionate about data, startups, blockchain, technology, and of course, cybersecurity.

https://owasp.org/www-committee-wia/

Remember don't be a Lantern !!

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another application paranoia session.

In this weeks episode the team meet with special guest  Al Wagner who is a senior security architect at HCL Software. Al helps to highlight the benefits of Value Stream mapping  and HCL Accelerate.

The unlikely meeting of Bono, Yoko Ono, and Brian Eno was also discussed
For reference...

https://twitter.com/yokoono/status/1347524447205531648/photo/2

Back for another season Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another application security interview special. 

In this weeks episode the team meet with special guest  Hector Monsegur. Hector is a industry professional with decades of experience, mostly on the offensive side. 

He is currently  Director of Research for Alacrinet where he spends his days working with clients to improve their overall security posture while he works on offensive research and engagements. 

Join us as Hector helps discuss Log4j, Pen testing  evolution and how to get more folks involved in application security.

For reference...
Meat Loaf, a flying wheelchair, and the greatest story ever told | Louder (loudersound.com)

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another discussion on Application Security, DevSecOps and AppScan. This episode is the season finale for 2021 and the team look back on the many fabulous guests, the  insightful discussions, statistics and of course the best fun facts of the year.

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another application security interview special. 

In this Episode the team discuss the recent 'Rug Pull' with a fake Squid Game Crypto Currency and they also talk to Philippe Humeau the founder of CrowdSec.

Phillippe is a true Entrepreneur and  CrowdSec is his latest startup founded in 2020. It is a company editing an eponymous open-source massively multiplayer firewall, leveraging both IP behaviour & reputation to create a community and tackle the mass scale hacking problem. 

Find out more about CrowdSec here.... https://crowdsec.net/

Colin Bell, Rob Cuddy and Kris Duer bring you another Application Paranoia episode. This episode has guest Panellist Julie Reed outlining all the more greatness with AppScan on Cloud (ASoC).  The team also address the topic of  William Shatner in Space and Rickrolling a school district.

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another application security interview special. 

In this Episode the team talk to Dr. Michael Owens who is the BISO at Equifax.

Michael is an innovative, collaborative, and distinguished leader with over 25 years of experience in startup, corporate, government, and military organizations. A transformation leader and sought-after speaker, Michael frequently keynotes on topics related to cybersecurity, cyberwarfare, and national security matters. 

Michael is  also the president and CEO of the U.S. Global Center of Cyber Policy, where he leads the organization in providing federal, state, and local governments with non-partisan thought leadership and expert information and analysis on cybersecurity, cybercrime, and cyberwarfare trends, strategies, and policies from a domestic and international perspective.

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another discussion Application Security, DevSecOps and AppScan. This episode has guest Panellist Florin Coada discussing  the new technology preview for AppScan Source and what folks can expect going forward  The team also discuss cows in drive throughs,  PSL season, Cats jumping in stadiums and the best bits from the latest GDS Security Summit.