David Kosorok - Mastering Application Security

David Kosorok, the Director of Information Security Programs at Toast, Inc., has over 25 years of experience in software and security testing, including more than 16 years dedicated to security. He’s led and scaled product security programs across organizations of all sizes, making him a trusted voice in the appsec space.

In this episode of The Security Champion’s Podcast, David joined Dustin Lehr to share key insights from his new book ‘Mastering Application Security.’ They dive into what it takes to build a high-performing appsec team, from aligning talent with mission to prioritizing the right initiatives in your appsec program.

0:37 Welcome to The Security Champion’s Podcast
2:46 About the Book: Mastering Application Security
4:32 Vision, Mission, & Building the Right Team
14:49 Empowering Teams with Ownership and Accountability
24:01 Stakeholder Engagement
29:19 AppSec Initiatives & Where to Start
39:27 How to Prioritize and Rollout Initiatives
45:31 Top 10 Recommended AppSec Initiatives
48:35 Formalizing a Security Champions Program
57:58 AI/LLMs and Closing Thoughts

Resources:
BOOK - Mastering Application Security: Building Elite Teams for Tomorrow's Threats: https://www.amazon.com/Mastering-Appl...
The Security Champion Program Success Guide: https://securitychampionsuccessguide....
Follow David on LinkedIn:   / kosorok  
Follow Dustin on LinkedIn:   / dustinlehr  
Subscribe to Dustin's YouTube channel:    / @cyberpagefault  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This video is sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC.

Get your FREE Security Champion's Field Guide: https://info.securityjourney.com/tact...

FOLLOW US to stay up-to-date with new content!
X (https://x.com/SecurityJourney)
LinkedIn (  / 7574213  )
Instagram (https://www.instagram.com/securityjou...)
YouTube (   / @securityjourney   )
Online (securityjourney.com)
CONTACT: [email protected]

#podcast #cybersecurity #securecode #securitytraining #appsec #code #development #securitychampions #securityculture #infosec #devsecops