From Cryptography to AppSec: Scott Contini on Building Practical Security
Episode Summary
Scott Contini has a PhD in cryptography with more than a dozen research publications, and has spent the last 15 years focused on solving real-world security problems. After switching from academia to industry in 2008, Scott has identified hundreds of cryptographic implementation flaws across the world, written widely read blogs on common coding mistakes, and contributed significantly to the 2021 OWASP Top 10 topic of Cryptographic Failures. He joins Cole Cornford to discuss how cryptography often goes wrong in practice, why secure-by-default APIs are reshaping security today, and the importance of clear communication and community-building in advancing the field. Scott also shares stories from working alongside legendary figures in cryptography, and offers advice for anyone looking to build a sustainable and impactful security career.
Timestamps
00:20 - Scott’s background in cryptography and transition to AppSec
02:00 - Moving from theory to real-world security challenges
05:00 - Common cryptography mistakes in the industry
07:50 - Why using the wrong encryption modes leads to vulnerabilities
10:10 - How Java’s cryptography design led to widespread issues
14:40 - The rise of secure-by-default APIs in cryptography
17:00 - Stories from working with cryptographic legends
22:00 - Improving advice in the OWASP community
27:50 - The value of writing and public speaking in AppSec careers
33:00 - Advice for newcomers in security: think like an attacker and keep learning
Mentioned in this episode:
Call for Feedback
This podcast uses the following third-party services for analysis:
Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
--------
42:16
Engineering Security: Bridging DevOps and AppSec with Jon-Anthoney de Boer
Episode Summary
Jon-Anthoney de Boer is the Product Security Lead at Transmax, overseeing security for critical infrastructure that manages traffic flow across Australia. Coming from a strong software engineering background, Jon-Anthoney shares his experience transitioning from traditional engineering into product and application security. He highlights the importance of aligning software engineering and security teams, building trust into the software development lifecycle, and fostering a security culture based on practical strategy rather than superficial metrics. Jon-Anthoney also discusses how behavioural change, organisational alignment, and operational excellence are key to achieving effective, sustainable security outcomes.
Timestamps
00:32 - Jon-Anthoney’s journey from electrical engineering to product security
05:08 - Transitioning from software craftsmanship to cybersecurity
09:30 - Why aligned incentives between engineering and security teams matter
12:22 - Goodhart's Law: pitfalls of security metrics
18:21 - Rethinking cybersecurity strategies beyond tools and compliance
25:12 - Building observability into the secure software development lifecycle
32:35 - Why executive support is crucial for security initiatives
38:34 - Operational excellence: removing waste from security processes
Mentioned in this episode:
Call for Feedback
--------
43:13
Scaling Cyber at Fujitsu: Laura O'Neill on Strategy, Risk and Growth
Episode Summary
In this episode of Secured, host Cole Cornford chats with Laura O'Neill from Fujitsu Cyber. Laura shares her journey from a pure maths and cryptography background through management consulting into the world of cybersecurity. She explains how she helped grow MF&A from a small team into a 70-person company before its acquisition by Fujitsu. Cole and Laura discuss the challenges of scaling a cyber practice, the importance of professionalising sales and board-level communications, and how embracing diverse, non-traditional talent can transform the industry. Their conversation offers valuable insights into shifting from a compliance-based mindset to a risk-based strategy that truly supports business objectives.
Timestamps
00:10 - Introduction to Laura O'Neill and her role at Fujitsu Cyber
02:27 - Laura recounts her journey from pure maths and cryptography to cybersecurity
05:31 - Discussing the rapid growth of MF&A from a small team to 70 staff
07:30 - Overcoming scaling challenges through improved processes and support
11:23 - Professionalising sales and board-level communications in cyber
15:30 - Moving from a compliance-driven approach to a risk-based strategy
26:16 - Embracing diversity and non-traditional hiring in cybersecurity
31:20 - The value of diverse backgrounds and soft skills in solving security challenges
40:43 - The importance of empathy and listening in leadership
42:16 - Closing thoughts on security as an enabling function for business success
Mentioned in this episode:
Call for Feedback
--------
44:14
Balancing Compliance and Risk: Kat McCrabb on Cybersecurity for Mission-Driven Organisations
Episode Summary
Cole Cornford speaks with Kat McCrabb, founder of Flame Tree Cyber, about navigating cybersecurity compliance and risk, particularly within education, government, and mission-driven organisations. Kat shares insights from her experience in federal government and as CISO at Brisbane Catholic Education, highlighting the strengths and weaknesses of compliance frameworks like Australia's Essential Eight and MITRE ATT&CK. The conversation covers how to effectively communicate cyber risks to stakeholders, align security with organisational priorities, and why prevention beats incident response every time. Kat also discusses strategies for meaningful conversations around funding and shares her perspective on the evolving landscape of security in the age of SaaS and cloud technologies.
Timestamps
00:59 - Kat’s background and founding Flame Tree Cyber
03:10 - Defining mission-driven organisations
04:29 - Challenges of prescriptive compliance frameworks (ISM, Essential Eight, DISP)
05:41 - Compliance vs meaningful security improvement
06:51 - How threat modelling with MITRE ATT&CK helps allocate resources
07:35 - Balancing foundational cybersecurity and advanced threat intelligence
08:52 - Incident response and the value of understanding threat actors
11:46 - Allocating budget and demonstrating security value to executives
16:31 - How to effectively request security funding from the board
20:00 - Relevance of Essential Eight in modern SaaS environments
29:21 - Kat’s role with AISA and building the cybersecurity community in Queensland
Mentioned in this episode:
Call for Feedback
--------
33:21
Breaking into Cyber: Kiera Farrell on Growth, Networking & Early-Career Lessons
Episode Summary
Kiera Farrell, Cyber Analyst at David Jones, shares her journey from studying a Bachelor of Cybersecurity to landing a role in cybersecurity operations. She reflects on the challenges of breaking into the industry, the lessons learned from risk management, and the importance of networking in career growth. Kiera and Cole discuss the value of stepping outside your comfort zone, the evolving landscape of cybersecurity degrees, and what hiring managers can do to attract and retain young talent. If you're an aspiring cybersecurity professional or a leader looking to support early-career hires, this episode is packed with insights.
Timestamps
2:00 – Kiera’s journey: From Bachelor of Cybersecurity to David Jones
5:00 – What studying cybersecurity is really like
8:10 – The surprising importance of risk management
12:00 – Ethical hacking & the role of security education
16:30 – The grad job hunt: what works, what doesn’t
19:45 – The power of stepping out of your comfort zone
21:30 – Building a strong professional network
23:50 – What makes an employer attractive for graduates?
26:40 – How mentorship accelerates career growth
30:35 – Advice for students and early-career professionals
Mentioned in this episode:
Call for Feedback
Secured is the podcast for software security enthusiasts. Host Cole Cornford sits down with Australia's top software security experts to uncover their unconventional career paths and the challenges they faced along the way.
Listen in as they share their insights on the diverse approaches to AppSec, company by company, and how each organisation's security needs are distinct and require personalised solutions.
Gain insider access to the masterminds behind some of Australia's most successful software security teams on Secured by Galah Cyber.