Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Prin ...
Mike Thayer is Money Man Mike!
Welcome to Powering Procurement, a podcast by Atamis, where we delve into the rapidly evolving world of procurement. In each episode, we feature in-depth conversations with industry leaders, technology innovators, and procurement professionals who share their insights on how digital technologies, AI, and data-driven decision-making are shaping the procurement landscape. Join us to gain actionable strategies and tools to enhance your procurement processes, reduce costs, and drive better decis ...

How Admiral Transformed Procurement Into a Strategic Powerhouse with Chris McLellan
46:25
In this episode of Powering Procurement, hosts Sian Lloyd and Gareth Burch sit down with Chris McLellan, Group Head of Procurement at Admiral Group, Wales’ only FTSE 100 company. Together, they explore critical challenges in modern procurement risk management. What You’ll Learn: How to balance speed and due diligence through effective supplier segme…

The 4 Ps That Will Future-Proof Your Procurement with Milind Tailor
43:34
In this episode of Powering Procurement, hosts Sian Lloyd and Travis Crouch sit down with Milind Tailor, Global Head of Resale Products and Services Procurement at Diebold Nixdorf. Together, they navigate "The 4 P's of Procurement" framework: Purpose, People, Planet, and Performance, as well as how AI, sustainability, and skill transformation are r…

The Truth About Supplier Relationships in Procurement with Sabrina Kelly
32:25
In this episode of Powering Procurement, hosts Sian Lloyd and Travis Crouch sit down with Sabrina Kelly, Contracts Management Specialist and Founder and Managing Director of B Plus Management Consultancy. Together, they explore the delicate balance between supplier collaboration and performance accountability, the transformative potential of AI in …

Javan Rasokat and Andra Lezza -- When Chatbots Go Rogue - Lessons Learned from Building and Defending LLM Applications
47:31
Andra Lezza and Javan Rasokat discuss the complexities of securing AI and LLM applications. With years of experience in Application Security (AppSec), Andra and Javan share their journey and lessons from their DEF CON talk on building and defending LLMs. They explore critical vulnerabilities, prompt injection, hallucinations, and the importance of …

Jim Routh -- The CISO Transition to the Rest of Life
49:36
Former CISO Jim Routh discusses his perspective on retirement and career fulfillment in cybersecurity. Rather than viewing retirement as simply stopping work, Routh describes his three-filter approach: working only with people he respects and admires, doing only work he finds fulfilling, and controlling when he works. He shares valuable lessons lea…

Building Net Zero Supply Chains with Collaboration: Insights from Oliver Hurrey
46:42
In this episode of Powering Procurement, hosts Sian Lloyd and Gareth Burch sit down with sustainability expert Oliver Hurrey to explore the intersection of procurement and environmental responsibility. They discuss supplier engagement, data-driven solutions for scope three emissions, AI’s role in sustainability, and the importance of biodiversity. …

Henrik Plate -- OWASP Top 10 Open Source Risks
38:26
Henrik Plate joins us to discuss the OWASP Top 10 Open Source Risks, a guide highlighting critical security and operational challenges in using open source dependencies. The list includes risks like known vulnerabilities, compromised legitimate packages, name confusion attacks, and unmaintained software, providing developers and organizations a fra…

Tanya Janca -- A Secure SDLC from a Developer's Perspective
48:54
Security expert Tanya Janca discusses her new book "Alice and Bob Learn Secure Coding" and shares insights on making security accessible to developers. In this engaging conversation, she explores how security professionals can better connect with developers through threat modeling, maintaining empathy, and creating inclusive learning environments. …

Why Procurement Deserves a Seat at the Strategic Table with Nadia Stoykov
51:51
In this episode of Powering Procurement, hosts Sian Lloyd and Gareth Burch are joined by Nadia Stoykov, Chief Procurement and Supply Chain Officer at Tesca Group, to share her unconventional journey from law to procurement, why procurement deserves a seat at the strategic table, and how companies can unlock massive value by rethinking their procure…

Mehran Koushkebaghi -- Security as a Systemic Concern: How to Develop Anti-Requirements
45:08
Mehran Koushkebaghi, a seasoned engineering expert, delves into the intricacies of systemic security. He draws parallels between civil engineering and IT systems, and explains the importance of holistic thinking in security design. Discover the difference between semantic and syntactic vulnerabilities and understand how anti-requirements play a cri…

Kalyani Pawar -- Shaping AppSec at Startups
39:52
Kalyani Pawar shares critical strategies for integrating security early and effectively in AppSec for startups. She recommends that startups begin focusing on AppSec around the 30-employee mark, with an ideal ratio of one AppSec professional per 10 engineers as the company grows. Pawar emphasizes the importance of building a security culture throug…

How Procurement Can Save a Bankrupt City with John Coyne
41:21
In this episode of Powering Procurement, hosts Sian Lloyd and Gareth Burch are joined by John Coyne, Director of Commercial and Procurement at Birmingham City Council. Together, they dive into John's decades-long career, the power of procurement in driving social and economic impact, his vision for Birmingham’s future, and why AI and data are the n…

AI, Diversity, and Strategies for Procurement Recruitment with Procurement Heads’ Amy Anslow
41:41
In this episode of Powering Procurement, hosts Sian Lloyd and Gareth Burch are joined by Amy Anslow, Principal Consultant at Procurement Heads. Together, they dive into Amy's journey into procurement recruitment and her insights into the evolving landscape of the industry. She highlights the importance of attracting top talent, tackling challenges …

Milan Williams discusses the importance of application security metrics and how to make them both meaningful and actionable. She explains that metrics are crucial for tracking progress in what can often feel like an overwhelming security landscape, and they're valuable for career advancement and securing resources. We discuss metrics categories and…

Mo Sadek -- Building an AppSec Program from Scratch
48:50
Mo Sadek shares his unique journey of building an Application Security program from scratch at Roblox. Mo discusses his unconventional path, including temporarily joining the infrastructure team to truly understand engineering challenges. He emphasizes that security isn't about mandating rules, but about making processes easier and more secure by d…

Innovating Public Procurement Practices with Jane Lynch
45:51
In this episode of Powering Procurement, hosts Sian Lloyd and Gareth Burch are joined by Jane Lynch, Director of the Centre of Public Value Procurement at Cardiff Business School. Together, they explore how procurement can be a powerful tool for social impact and innovation, how the Well-being of Future Generations Act is shaping public spending in…

Christmas Special: 12 Challenges That Defined Procurement in 2024
33:21
In this special Christmas episode of Powering Procurement, hosts Sian Lloyd and Gareth Burch count down the 12 biggest challenges procurement professionals faced in 2024. With festive cheer and expert insights featuring John Wallace, Kate Stavrides, Emma Scot, and Filip Leonard, they tackle the year's most pressing topics, from navigating the compl…

The Human Factor in Tech-Driven Procurement with Andra Fola
35:23
In this episode of Powering Procurement, hosts Sian Lloyd and Gareth Burch are joined by Andra Fola, CEO and Procurement Architect of Solutionary Procurement. Together, they discuss Andra’s vision for transforming procurement into a force for global good. From leveraging human superpowers to creating frameworks like the Five Personas, Andra redefin…

Brett Crawley -- Threat Modeling Gameplay with EoP
45:28
Brett Crawley discusses the Elevation of Privilege (EoP) card game, a powerful tool for threat modeling in software development. The discussion explores recent extensions to the game, including privacy-focused suits and TRIM (Transfer, Retention/Removal, Inference, Minimization) categories. Crawley emphasizes that threat modeling shouldn't end with …

Using Data to Revolutionise Procurement with Filip Leonard
37:54
In this episode of Powering Procurement, hosts Sian Lloyd and Gareth Burch are joined by Filip Leonard, Group Head of Supply Chain, Procurement, and Social Value at Maximus UK. Together, they dive into the strategic changes Filip is spearheading at Maximus and what he envisions for the future of procurement. With over a decade of experience in both…

Getting Ready for the Procurement Act 2023: What You Need To Know with Lisa Stubbs
39:21
In this episode of Powering Procurement, hosts Sian Lloyd and Gareth Burch are joined by Lisa Stubbs, Head of Open and Transparent Contracting at Cabinet Office. Together, they discuss how the Procurement Act (TPP) will transform UK public procurement, enhance transparency, and support small and medium-sized enterprises (SMEs). Lisa began her caree…

Matin Mavaddat -- Understanding Security as a Systemic Concern: The Role of Anti-Requirements
50:20
Matin Mavaddat discusses his perspective on security as a systemic concern, developed from his background in requirements engineering and systems architecture. He introduces the concept of "anti-requirements" (defining what a system should not do) and distinguishes between "syntactic security" (addressing technical vulnerabilities that are always…

The Future of Procurement Leadership with Savita Mace
53:27
In this episode of Powering Procurement, hosts Sian Lloyd and Gareth Burch are joined by Savita Mace, the Chief Procurement Officer for University Hospitals Sussex NHS Foundation Trust. Together, they explore the critical role of risk management in procurement, the transformative impact of technology, and the importance of mentoring the next generat…

Kayra Otaner joins the podcast today to discuss DevSecOps and answer the question: is it dead? Kayra is the Director of DevSecOps at Roche and is highly involved in the DevSecOps community. Kayra states that DevSecOps in its traditional form is “dead” and that each organization should approach its needs based on its size. Otaner introduces the co…

François Proulx -- Arbitrary Code Execution 0-day in Build Pipeline of Popular Open Source Packages
45:31
François Proulx shares his discovery of security vulnerabilities in build pipelines. François has found that attackers can exploit this often overlooked side of the software supply chain. To help address this, his team developed an open source scanner called Poutine that can identify vulnerable build pipelines at scale and provide remediation guida…

How Procurement Drives Value in Social Housing with John Wallace
41:27
In this episode of Powering Procurement, hosts Sian Lloyd and Gareth Burch are joined by John Wallace, Director of Procurement at Clarion Housing Group. Together, they navigate procurement challenges in social housing, how Clarion is driving social value beyond cost, the role of sustainability in social housing procurement, and how procurement can …