S2E4 - Varun Badhwar

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/f6/d5/ed/f6d5ed39-c78c-bbc3-9e16-8da9c7df7142/mza_16272558080117222112.jpg/600x600bb.jpg

The Boring AppSec Podcast

28 episodes

6 days ago

In this podcast, we will talk about our experiences having worked at different companies - from startups to big enterprises, from tech companies to security companies, and from building side projects to building startups. We will talk about the good, the bad, and everything in between. So join us for some fun, some real, and some super hot takes about all things Security in the Boring AppSec Podcast.

Technology

RSS

All content for The Boring AppSec Podcast is the property of The Boring AppSec Podcast and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/40655927/40655927-1736141685828-0e4ce07b90353.jpg

S2E4 - Varun Badhwar

The Boring AppSec Podcast

47 minutes 5 seconds

9 months ago

S2E4 - Varun Badhwar

In Season 2 Episode 4, we talk to Varun Badhwar, Founder & CEO @ Endor Labs. We discuss the current state of application security, the challenges faced by development teams, and the importance of integrating security into the software development lifecycle. Varun shares insights from his previous experiences in building and acquiring cybersecurity companies, emphasizing the need for effective compliance strategies and the balance between platform solutions and best-of-breed tools. In this conversation, Varun Badhwar discusses the evolving landscape of cybersecurity, emphasizing the importance of compliance, product usability, and the integration of AI technologies like LLMs in vulnerability management. He highlights the need for a user-centric approach in AppSec, the challenges of providing context to engineers, and the future implications of AI in security governance. Key Takeaways - Endor Labs aims to make AppSec more engaging and effective. - Many existing AppSec tools create friction between teams. - The future of software development will involve AI-generated code. - Understanding the software supply chain is crucial for security. - Acquisitions in cybersecurity often fail due to integration issues. - Founders must empathize with practitioner pain to build effective products. - Compliance often drives security priorities in organizations. - Effective integration of tools can enhance security outcomes. - The industry needs to focus on enabling faster business operations. - Balancing platform capabilities with best-of-breed tools is essential. - Compliance is essential for sales enablement in cybersecurity. - First-time founders should focus on product and distribution. - User experience and developer experience are critical in AppSec products. - Contextual information is vital for engineers to make informed decisions. - Automation can help reduce noise in security alerts. - Reachability analysis improves visibility in code dependencies. - Impact assessment is crucial for effective vulnerability remediation. - LLMs can assist in reasoning but need rules for effective application. - AI governance is a growing concern in the software development space. - The industry must adapt to the rapid advancements in AI technology. Tune in to find out more! Contacting Varun * LinkedIn: https://www.linkedin.com/in/vbadhwar/ * Endor Labs: https://www.endorlabs.com/ Contacting Anshuman * LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/in/anshumanbhartiya/ * X: ⁠⁠⁠⁠https://x.com/anshuman_bh * Website: ⁠⁠⁠⁠https://anshumanbhartiya.com/ * ⁠⁠⁠⁠Instagram: ⁠⁠⁠https://www.instagram.com/anshuman.bhartiya Contacting Sandesh * LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/in/anandsandesh/ * X: ⁠⁠⁠⁠https://x.com/JubbaOnJeans * Website: ⁠⁠⁠⁠https://boringappsec.substack.com/