About Us

About Us

The Application Security PodCast exists to reach people that build or test things (developers, testers, managers, product people, sales, marketing). We explain the details of application security in a way that someone new to the discipline can understand. We strive to break out of the security echo chamber and talk to real people that design, build, and test stuff. When we aren’t speaking of foundational application security topics, we interview successful people in the application security world and decompose what makes them successful. If we hear an interesting conference presentation on a topic, we invite the speaker as a guest and have them break down the topic in 30 minutes. We cut through any boundaries that exist in #AppSec or #InfoSec, and are not afraid to talk about any type of technology and the role of security in making things tick.

The Application Security or #AppSec PodCast is co-hosted by Chris Romeo and Robert Hurlbut.


Chris Romeo


Security Journey

 Robert Hurlbut


 Chris Romeo is the Co-Founder, CEO, Chief Learning Officer & Principal Consultant at Security Journey. He was the Chief Security Advocate at Cisco Systems for five years, where he guided Cisco’s Secure Development Lifecycle (CSDL), empowering engineers to “build security in” to all products at Cisco. He led the creation of Cisco’s internal, end-to-end application security awareness program launched in 2012, which continues to impact more than 30,000 employees. Chris has twenty years of experience in security, holding positions across application security, penetration testing, and incident response. Chris is a sought after conference speaker, with experience speaking at the RSA Conference, ISC2 Security Congress, AppSec USA, and many others. Chris holds the CISSP and CSSLP certifications and is fond of saying “We are all security people”. Robert Hurlbut is a Threat Modeling Architect/Lead at a large financial institution. Robert is a Microsoft MVP for Developer Technologies and Security and holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in software security, software architecture, and software development and is a frequent speaker at user groups, national and international conferences. In addition to co-hosting the AppSecPodcast, Robert leads two Meetup groups in Massachusetts – a software architecture group for over 13 years and a security group for over 2 years.