
Insights from recent episode analysis
Insights are generated by CastFox AI using publicly available data, episode content, and proprietary models.
Weekly cadence · 91 episodes · Last published 6mo ago
Recent episodes
Part 6: AI in Threat Modeling & The Future of Security by Design
Dec 2, 2025
28m 19s
Part 5: Tools That Fit — Threat Modeling Without the Bloat
Nov 25, 2025
27m 32s
Part 4: Bridging the Gap Between Security and Development
Nov 18, 2025
29m 03s
Part 3: Why Threat Modeling Fails (and How to Make It Stick)
Nov 11, 2025
26m 12s
Part 2: From Whiteboards to AI - The Evolution of Threat Modeling
Oct 7, 2025
17m 26s
| Date | Episode | Topics | Guests | Brands | Places | Keywords | Sponsor | Length |
|---|---|---|---|---|---|---|---|---|
| 12/2/25 | Part 6: AI in Threat Modeling & The Future of Security by Design | AI in threat modeling, developer-led security, +3 | — | Devici, Security Compass | — | threat modeling, AI, +3 | — | 28m 19s |
| 11/25/25 | Part 5: Tools That Fit — Threat Modeling Without the Bloat | Not all tools are created equal. Chris and Trevor compare common approaches — from free tools to heavyweight enterprise platforms — and share guidance on what to look for in the right solution. Takeaways: When Microsoft TMT is enough — and when it’s not. Pros and cons of enterprise platforms like IriusRisk/ThreatModeler. How to measure ROI in terms of risk reduction and developer adoption. Echoes Devici’s “Threat modeling without the bloat” message. | | | | | | 27m 32s |
| 11/18/25 | Part 4: Bridging the Gap Between Security and Development | Security teams and developers don’t always speak the same language. This episode explores how to make threat modeling a true “team sport” that fits naturally into developer workflows. Takeaways: Collaboration techniques that work. How diagram-first modeling closes the communication gap. Making outputs actionable for developers. Highlights Devici’s real-time collaboration + built-in libraries. | | | | | | 29m 03s |
| 11/11/25 | Part 3: Why Threat Modeling Fails (and How to Make It Stick) | Many threat modeling efforts fall flat. Chris uncovers the common reasons — from cultural pushback to lack of developer adoption — and shares proven strategies for success. Takeaways: The most common pitfalls (and how to avoid them). Embedding consistency across security teams. Scaling without adding headcount. Supports Devici’s “Smarter, simpler threat modeling” positioning. | | | | | | 26m 12s |
| 10/7/25 | Part 2: From Whiteboards to AI - The Evolution of Threat Modeling | Threat modeling has evolved from sketches on a whiteboard to AI-enabled, diagram-first platforms. This episode explores how teams can modernize without the complexity of bloated enterprise tools. Takeaways: Why manual and siloed approaches fail at scale. The rise of diagram-driven threat modeling. Where AI fits today — and what’s hype vs. real. Reinforces Devici’s value as simple, intuitive, and forward-looking. | | | | | | 17m 26s |
| 9/29/25 | Part 1: Getting Started with Threat Modeling — Simplifying the Start | Threat modeling can feel overwhelming, but it doesn’t have to be. Chris and Bruce break down who needs to be involved, what roles matter most, and how to start small without losing impact. Takeaways: Key players to engage: architects, AppSec leads, developers, exec sponsors. How to secure buy-in and avoid resistance. Practical first steps to launch a repeatable practice. Aligns with Devici’s “Security by Design starts somewhere — start fast” message. | | | | | | 24m 17s |
| 12/5/22 | Shaun Mckeag - Behind Application Security | Today we are joined by Altaz Valani from Security Compass and Shaun Mckeag, Principal Software Engineer at Gen Digital, to talk about her personal journey in software development and security. Many listeners are either trying to get into secure software development, or have graduated from a program that teaches security and software development, or perhaps recently transitioned from a different role. It’s nice to have someone with years of experience in the field to give some perspective, guidance, tips, and encouragement. Listen in as Shaun shares her personal journey that will inspire and help those of us who are newer to the secure software space. Useful links from this podcast: https://www.linkedin.com/in/shaunmckeag/ https://nakedsecurity.sophos.com/podcast/ https://www.sans.org/blog/ https://www.devseccon.com/the-secure-developer-podcast https://darknetdiaries.com/ https://owasp.org/events/#AppSec%20Days https://devcon.org/ https://www.blackhat.com/ | | | | | | 23m 53s |
| 11/8/22 | Pranshu Bajpai - Use Training to Influence Your Developers With Embracing Security | Today we are joined by Altaz Valani from Security Compass and Pranshu Bajpai, Security Architect at Motorola Solutions, to talk about the use of application security training to influence developers toward embracing security. Many developers are eager to learn about security but they need help. Developers move very fast because their performance is often measured around release frequency. All of this is happening while developers have to keep up with continually evolving frameworks and tools. It is possible for security teams to influence developers without getting in their way. | | | | | | 26m 46s |
| 9/12/22 | Simone Curzi - Developer Centric Threat Modeling | Today we are joined by Altaz Valani from Security Compass and Simone Curzi, Principal Consultant at Microsoft, to talk about the role of developers within threat modeling. When we mention threat modeling, what often comes to mind are data flow diagrams created during a security design process. After these diagrams are created and eventually hit the developer backlog, we discover more insights that further evolve the security design. In this way, developers are crucial to an evolving threat model activity. Yet, many questions exist. We try to answer some of those developer questions related to threat modeling. Useful links from this podcast: https://simoneonsecurity.com/ https://threatsmanager.com/ https://www.threatmodelingmanifesto.org/ https://cve.mitre.org/ https://cwe.mitre.org/ | | | | | | 30m 47s |
| 8/31/22 | Jason Keirstead - Standardizing on Security Tool Integrations | Today we are joined by Altaz Valani from Security Compass and Jason Keirstead, Distinguished Engineer & Chief Technical Officer of Threat Management at IBM as well as Co-Chair of Open Cybersecurity Alliance. Security tool integrations are largely custom efforts today. That investment alone prevents loose coupling of our security tool architectures and timely delivery of security insights to key decision makers. Jason shares his insights on the work going on at Open Cybersecurity Alliance (OCA) to help solve this problem. The holy grail of an integrated security fabric that shares information across a toolchain can transform our ability to rapidly adapt to a changing threat landscape and allow for early detection of threat actor behavior. Jason shares his vision of how everyone can play a part in making this a reality, from customer procurement to vendor adoption of security standards. | | | | | | 28m 24s |
| 6/30/22 | Vaibhav Garg - Developer Centric Threat Modeling | Today we are joined by Vaibhav Garg, Executive Director, Cybersecurity & Privacy Research and Public Policy at Comcast, to talk about developer-centric threat modeling. We start by looking at ways to make threat modeling more appealing to developers. We discuss how a security team can help developers participate in threat modeling in the midst of continual change with both development and security teams. Ultimately, a threat modeling program is only as effective as the value it offers to a diverse group of stakeholders. We discuss how to measure and align the value of threat modeling across project, program, and executive levels. We conclude with Vaibhav’s thoughts about where he thinks developer-centric threat modeling is heading over the next 12 to 18 months. | | | | | | 22m 04s |
| 5/20/22 | Krish Raja - Bringing Developers Into Your Threat Modeling Program | Today we are joined by Altaz Valani from Security Compass and Krish Raja, Managing Director at Kroll Cyber Risk division, to talk about developer-centric threat modeling. We will start by discussing how threat modelers can help developers. We then discuss how to define the value of a threat modeling program and common pitfalls when creating such a program. We close off by discussing where threat modeling is headed in the future. | | | | | | 15m 51s |
| 3/28/22 | Simone Curzi - The Challenge of Integrating Threat Modeling into DevOps | Today we are joined by Simone Curzi, Principal Consultant at Microsoft, to talk about some of the challenges we face today with conducting threat modeling. We will discuss how value creation in threat modeling is tied to the developer community and, ultimately, to the business. Our discussion will then look at how threat modeling must continue to evolve in light of our DevOps delivery cycles. We will conclude with a brief discussion on how organizations can operationalize a threat modeling practice. | | | | | | 16m 14s |
| 3/21/22 | Spencer Koch - The Importance of a Good Threat Modeling Practice | Today we are joined by Spencer Koch, Offensive Security Professional at Reddit, to talk about building a threat modeling practice. We will examine when threat modeling should be done and the associated challenges. We will then turn our attention to the connection between threat modeling and secure coding in the developer space. In conclusion, we will explore some measures of success and where threat modeling is headed as the practice continues to add value and adapt to a changing software development paradigm that is more agile and cross-functional. | | | | | | 13m 59s |
| 3/15/22 | Kyle Lai - Managing the Change From CMMC 1.0 to CMMC 2.0 | Today we are once again joined by Kyle Lai, Founder and CISO of KLC Consulting, to talk about CMMC. We will start by discussing the differences between CMMC 1.0 and CMMC 2.0 and discuss the timeline for CMMC 2.0 rulemaking. Our discussion will also look at CMMC 2.0 both from an assessor’s perspective and a Defense contractor’s perspective. Specifically, how an assessor should manage the change if they are already invested in CMMC 1.0 and next steps for a Defense contractor to do before CMMC 2.0 rulemaking is complete. CMMC impacts a broad ecosystem and being aware of the changes can help organizations prepare for the transition. | | | | | | 16m 32s |
| 12/23/21 | Kim Wuyts - Privacy Threat Modeling with LINDDUN | Today we are joined by Kim Wuyts from KU Leuven, to talk about privacy threat modeling. We will start by discussing what LINDDUN is and the difference between privacy threat modeling and security threat modeling. We will then discuss how a framework like LINDDUN can be used in DevSecOps pipelines as part of an evolving knowledge base. For those who wish to provide feedback to the LINDDUN team, Kim will share some ways that you can reach out to her team. Privacy is a critical part of our software that is often neglected. With new regulations and standards emphasizing both privacy and security, we need a consistent approach to help guide policy creation and software development activities. | | | | | | 10m 20s |
| 12/20/21 | Nick Deshpande - Data Governance | Today we are joined by Nick Deshpande to talk about data governance and security. We will start by introducing the concept of data governance and the business importance of data governance. We will dig deeper and discuss who is responsible for creating and managing a data governance program. When looking at data governance as an enabler, we will turn our attention to three use cases: DevSecOps, Threat Modeling, and Zero Trust. In concluding, Nick will share his thoughts on where he sees data governance evolving over the next 12-18 months. | | | | | | 17m 05s |
| 12/17/21 | Kyle Lai - Complying With CMMC | Today we are joined by Kyle Lai, Founder and CISO of KLC Consulting, to talk about CMMC. We will start by discussing the governance and ownership aspects of CMMC. Once a CMMC program has kicked off, teams usually have to overcome some challenges. We will discuss the top challenges with achieving CMMC compliance. In an era of DevSecOps, we will turn our attention to the importance of automation and conclude by discussing the impact of CMMC in the near future. | | | | | | 17m 51s |
| 11/29/21 | K Royal - Think about User Privacy When Developing Your Software | Today we are joined by K Royal, Associate General Counsel & DPO of TrustArc, to talk about Software Development and Privacy. We will start by discussing what the intersection of privacy and software development looks like. We will examine the essential competencies required to produce privacy compliant software and touch on automated privacy checking in the context of DevSecOps pipelines. We will conclude by discussing where privacy is headed in the next 12-18 months. Producing privacy compliant software is becoming increasingly important in light of government regulations. | | | | | | 22m 49s |
| 11/19/21 | Mark Simos - Using Security Reference Architectures | Today we are joined by Mark Simos, Lead Cybersecurity Architect at Microsoft, to talk about leveraging security reference architectures to operationalize security. We will talk about our current context and the democratization of security and DevOps across the enterprise. Since security touches so many parts of the organization, this is where the role of security reference architectures becomes critical in creating an onramp for cross-functional teams. They help coordinate activities and programs against measurable business outcomes. We will conclude by looking forward to the next 18-24 months and what to expect. #podcast #cybersecurity | | | | | | 7m 57s |
| 11/12/21 | Michael Isbitski - Executive Overview on Securing Your APIs | Today we are joined by Michael Isbitski, Technical Evangelist at Salt Security, to talk about API Security. Our systems and platforms today are largely driven by API integrations. We will start by discussing ownership of API security in an organization. This will lead into a discussion about convincing a business stakeholder to invest in API security. Given how complex our applications are today, we will talk about some of the biggest challenges with securing our APIs. As security paradigms continue to evolve, we have gone from perimeter based security to Zero Trust. We will conclude by discussing how API security fits into Zero Trust. | | | | | | 19m 07s |
| 10/29/21 | Carmichael Patton - Lessons from Zero Trust Implementations | Today we are joined by Carmichael Patton, Senior Security Architect at Microsoft, to talk about Zero Trust. We will talk about the value proposition along with ownership and accountability for a Zero Trust program. It is important that Zero Trust aligns with business priorities. We will also discuss the rollout of Zero Trust and some important lessons learned from previous implementations. | | | | | | 11m 15s |
| 10/15/21 | Rob Akershoek - The Importance of a Security Reference Architecture | Today we are joined by Rob Akershoek from DXC, to talk about security reference architectures. We will start by discussing why we need a security reference architecture. This will lead us into governance and who is responsible for creating a security reference architecture. Since we don’t have a standard security reference architecture in the industry, we will explain how to start creating a security reference architecture. In conclusion, we will share some of the work being done by The Open Group around security reference architectures. | | | | | | 12m 57s |
| 9/30/21 | Mark Timms - The Human Side of Cyber Security | Today we are joined by Mark Timms, Senior Manager, Cybersecurity Education & Awareness Behavioural Science at RBC, to talk about the human side of cyber security. We will talk about what motivates people to embrace a security program and what triggers drive the intended behavior. Building a security culture takes intentionality and a coordinated set of activities that focuses on the person. We will conclude with a consideration on how we should think about measuring the outcome. Cyber security is top of mind for many organizations and understanding the human side will help to drive meaningful programs that align with personal and organizational motivations. | | | | | | 11m 42s |
| 9/17/21 | Leaders in Product Security - Clay Carter | In this episode, Clay Carter talks about product security in our critical infrastructure- specifically, water! Clay discusses the unique challenges and opportunities of product security in the water industry, the intersection with business partners like safety, importance of domain expertise, and the effect of seeing the products you help secure impact your day to day life. | | | | | | 10m 49s |
Showing 25 of 91
