From Cryptography to AppSec: Scott Contini on Building Practical Security
Episode Summary
Scott Contini has a PhD in cryptography with more than a dozen research publications, and has spent the last 15 years focused on solving real-world security problems. After switching from academia to industry in 2008, Scott has identified hundreds of cryptographic implementation flaws across the world, written widely read blogs on common coding mistakes, and contributed significantly to the 2021 OWASP Top 10 topic of Cryptographic Failures. He joins Cole Cornford to discuss how cryptography often goes wrong in practice, why secure-by-default APIs are reshaping security today, and the importance of clear communication and community-building in advancing the field. Scott also shares stories from working alongside legendary figures in cryptography, and offers advice for anyone looking to build a sustainable and impactful security career.
Timestamps
00:20 - Scott’s background in cryptography and transition to AppSec
02:00 - Moving from theory to real-world security challenges
05:00 - Common cryptography mistakes in the industry
07:50 - Why using the wrong encryption modes leads to vulnerabilities
10:10 - How Java’s cryptography design led to widespread issues
14:40 - The rise of secure-by-default APIs in cryptography
17:00 - Stories from working with cryptographic legends
22:00 - Improving advice in the OWASP community
27:50 - The value of writing and public speaking in AppSec careers
33:00 - Advice for newcomers in security: think like an attacker and keep learning
Mentioned in this episode:
Call for Feedback