Shows
What the Dev?329: The impact of AI on ASPM (with ArmorCode's Mark Lambert)In this episode, Dave interviews Mark Lambert, chief product officer of ArmorCode, about how AI is influencing Application Security Posture Management (ASPM).They discuss:How AI-generated code has more vulnerabilities than human-generated codeThe risks of slowing down innovation while trying to govern AI-assisted developmentUsing AI agents for automated testing and security vulnerability detection
2025-10-0714 min
Let's Talk AppSecOpsGates to GuardrailsDevelopers don't want to be slowed down, but security teams don't want development speed driving AppSec posture off a cliff. The compromise: security guardrails instead of release gates. With a basis of mutual trust that only critical findings will be sent for remediation and all critical findings will be remediated, friction between teams can be mitigated. Avoiding alert fatigue is one thing both security and developer talent can agree on.About ArmorCodeWe develop, sell, and deliver the world’s first and leading AppSecOps platform to our customers, along with the expertise, support and community they need to sh...
2025-08-0306 min
Partnerships UnraveledJeff Skeldon - Turning Channel Complexity into Strategic AdvantageIn this episode of Partnerships Unraveled, we dive deep with Jeff Skeldon, Head of Go-To-Market at ArmorCode, to explore the full spectrum of building and managing a channel-centric revenue engine.Jeff shares his decades of wisdom on navigating timing, trust, and transparency in partner ecosystems, and why true commitment, not convenience, defines successful channel strategy.Here’s what we cover in this conversation:- We discussed the critical indicators founders should watch for before diving into the channel, and why product-market fit must co...
2025-06-3030 min
Security Weekly Podcast Network (Video)AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Brian Fox, Mark Lambert, Shahar Man - ASW #332ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, developers and security teams cut through the noise, prioritize risks, and make faster, smarter decisions across code, cloud, and infrastructure. Built into the ArmorCode ASPM Platform and backed by 25B findings, 285+ integrations, natural language intelligence, and role-aware insights, Anya turns complexity into clarity, helping teams scale securely and close the security skills gap. Anya is now generally available and included as part of the ArmorCode ASPM Platform. Visit https://securityweekly.co...
2025-05-271h 04
Security Weekly Podcast Network (Audio)AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Shahar Man, Brian Fox, Mark Lambert - ASW #332ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, developers and security teams cut through the noise, prioritize risks, and make faster, smarter decisions across code, cloud, and infrastructure. Built into the ArmorCode ASPM Platform and backed by 25B findings, 285+ integrations, natural language intelligence, and role-aware insights, Anya turns complexity into clarity, helping teams scale securely and close the security skills gap. Anya is now generally available and included as part of the ArmorCode ASPM Platform. Visit https://securityweekly.co...
2025-05-271h 04
Application Security Weekly (Audio)AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Shahar Man, Brian Fox, Mark Lambert - ASW #332ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, developers and security teams cut through the noise, prioritize risks, and make faster, smarter decisions across code, cloud, and infrastructure. Built into the ArmorCode ASPM Platform and backed by 25B findings, 285+ integrations, natural language intelligence, and role-aware insights, Anya turns complexity into clarity, helping teams scale securely and close the security skills gap. Anya is now generally available and included as part of the ArmorCode ASPM Platform. Visit https://securityweekly.co...
2025-05-271h 04
Application Security Weekly (Video)AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Brian Fox, Mark Lambert, Shahar Man - ASW #332ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, developers and security teams cut through the noise, prioritize risks, and make faster, smarter decisions across code, cloud, and infrastructure. Built into the ArmorCode ASPM Platform and backed by 25B findings, 285+ integrations, natural language intelligence, and role-aware insights, Anya turns complexity into clarity, helping teams scale securely and close the security skills gap. Anya is now generally available and included as part of the ArmorCode ASPM Platform. Visit https://securityweekly.co...
2025-05-271h 04
RSACEmpowering Seniors: Practical Cybersecurity for the Digital AgeSeniors face growing cyberthreats like phishing and identity theft. This session simplifies cybersecurity, offering practical tools and strategies to help older adults and their caregivers recognize and avoid scams. Attendees will gain clear, actionable steps to protect themselves and their loved ones from evolving online dangers.
Speakers:
Alex East, Senior Solutions Engineer, Armorcode
Tatyana Sanchez, Content & Program Coordinator, RSAC
Kacy Zurkus, Director, Content, RSAC
2025-02-2024 min
ITSPmagazineEnhancing Security Posture by Automating and Optimizing Application Security | A Brand Story Conversation From Black Hat USA 2024 | An ArmorCode Story with Mark Lambert | On Location Coverage with Sean Martin and Marco CiappelliIn this Brand Story episode recorded during Black Hat USA 2024, host Sean Martin sat down with Mark Lambert of ArmorCode to discuss the evolving challenges and innovative strategies in application security and vulnerability management.ArmorCode stands out in its field by not being just another scanner but by integrating with an organization's existing tool ecosystem. Lambert explains that their platform connects with over 250 different source tools, from threat modeling to endpoint security, to provide comprehensive visibility and risk scoring. This integration is crucial for automating remediation workflows downstream and supporting various use cases, including vulnerability management and...
2024-08-1317 min
Brand Stories PodcastsEnhancing Security Posture by Automating and Optimizing Application Security | A Brand Story Conversation From Black Hat USA 2024 | An ArmorCode Story with Mark Lambert | On Location Coverage with Sean Martin and Marco CiappelliIn this Brand Story episode recorded during Black Hat USA 2024, host Sean Martin sat down with Mark Lambert of ArmorCode to discuss the evolving challenges and innovative strategies in application security and vulnerability management.ArmorCode stands out in its field by not being just another scanner but by integrating with an organization's existing tool ecosystem. Lambert explains that their platform connects with over 250 different source tools, from threat modeling to endpoint security, to provide comprehensive visibility and risk scoring. This integration is crucial for automating remediation workflows downstream and supporting various use cases, including vulnerability management and...
2024-08-1317 min
On Location With Sean Martin And Marco CiappelliEnhancing Security Posture by Automating and Optimizing Application Security | A Brand Story Conversation From Black Hat USA 2024 | An ArmorCode Story with Mark Lambert | On Location Coverage with Sean Martin and Marco CiappelliIn this Brand Story episode recorded during Black Hat USA 2024, host Sean Martin sat down with Mark Lambert of ArmorCode to discuss the evolving challenges and innovative strategies in application security and vulnerability management.ArmorCode stands out in its field by not being just another scanner but by integrating with an organization's existing tool ecosystem. Lambert explains that their platform connects with over 250 different source tools, from threat modeling to endpoint security, to provide comprehensive visibility and risk scoring. This integration is crucial for automating remediation workflows downstream and supporting various use cases, including vulnerability management and...
2024-08-1317 min
Redefining CyberSecurityEnhancing Security Posture by Automating and Optimizing Application Security | A Brand Story Conversation From Black Hat USA 2024 | An ArmorCode Story with Mark Lambert | On Location Coverage with Sean Martin and Marco CiappelliIn this Brand Story episode recorded during Black Hat USA 2024, host Sean Martin sat down with Mark Lambert of ArmorCode to discuss the evolving challenges and innovative strategies in application security and vulnerability management.ArmorCode stands out in its field by not being just another scanner but by integrating with an organization's existing tool ecosystem. Lambert explains that their platform connects with over 250 different source tools, from threat modeling to endpoint security, to provide comprehensive visibility and risk scoring. This integration is crucial for automating remediation workflows downstream and supporting various use cases, including vulnerability management and...
2024-08-1317 min
The Launch Gravy PodcastLaunch Gravy Podcast - Episode 1 - Devin Maguire, ArmorCodeIn episode 1 of the Launch Gravy podcast, we sit down with Devin Maguire, Sr. Product Marketing Manager at ArmorCode to discuss a recent product launch he led in the Application Security (APPSEC) space and how AI played a role in the product. Devin also shares lessons learned from this launch and his overall product marketing experience.
Devin Maguire: LinkedIn: / devin-maguire-b751a346
2024-07-0643 min
CSA Security UpdateDecoding Security Solutions: ASPM vs CSPM vs CNAPPIn the ever-expanding digital world, securing applications and the infrastructure they rely on is critical. This episode tackles three key security field acronyms: Application Security Posture Management (ASPM), Cloud Security Posture Management (CSPM), and Cloud-Native Application Protection Platform (CNAPP). While all focused on bolstering security posture, these target different aspects of one's security program.Listen as we interview Karthik Swarnam, Chief Security and Trust Officer at Armorcode, a CSA member, and take a deep dive into this subject. We discuss:Distinguishing between ASPM, CSPM, and CNAPP: Understand their functionalities, target areas, and how they...
2024-05-2830 min
ASCEND PodcastEP 06:Scaling with Tenacity and Humility with ArmorCode's Nikhil GuptaIn this interview with Nikhil Gupta, Founder and CEO of ArmorCode, he discusses his entrepreneurial journey and advice for founders.
KEY HIGHLIGHTS:
- Nikhil has always had an entrepreneurial spirit, inspired by seeing his father's small business while growing up in India.
- He tried starting companies multiple times, failing over 20+ years before finally having a successful exit with his previous startup Avid Secure.
- Nikhil started ArmorCode during COVID because he saw it as an inflection point with increased digital transformation and cyber threats.
...
2024-05-0827 min
AI and the Future of Work: Artificial Intelligence in the Workplace, Business, Ethics, HR, and IT for AI Enthusiasts, Leaders and AcademicsTim Guleri, Managing Director @ Sierra Ventures, discusses what he's looking to fund in gen AI... and what most entrepreneurs get wrongTim Guleri has had a remarkable run at Sierra Ventures since 2001. He has invested in transcendent companies including Sourcefire and MakeMyTrip which both went public. Before that, Tim had a successful career as an entrepreneur and exec at companies like Scopus and Octane which was acquired by Epiphany in 2000.Sierra has one of the strongest future of work and AI portfolios that includes companies like Paro, Krisp, and SupportLogic which acquired Emtropy Labs which was founded by great former guest Harish Batlapenamurthy. In full disclosure, Sierra and I are both investors in ArmorCode.Listen and...
2023-10-0931 min
Cloud Security TodayOpen Source Security: A Deep DiveSend us a textEpisode SummaryOn this episode, the Co-Founder and CEO of Endor Labs, Varun Badhwar, joins Matt to talk about software supply chain security. Varun has a proven track record of building and leading enterprise security companies across Product Strategy, Marketing, Technical Sales, and Customer Success functions. He serves as a Member of the Forbes Technology Council, a Board Member of Cowbell, a Board Advisor of ArmorCode, and the former Founder and CEO of RedLock.Today, Varun talks about open source risks, how to identify and mitigate risks...
2023-06-2134 min
B2B Go-To-Market LeadersArmorCode's Go-To-Market Approach: Serving Customers In The AppSec Space With LingRaj PatilBy analyzing the issues and collaborating with our clients, we can comprehend their concerns and provide specific remedies that effectively meet their requirements. For today’s episode,LingRaj Patil, VP of Marketing atArmorCode, reveals the company’s go-to-market approach. He shares how ArmorCode prioritizes customer-centric problem-solving to drive meaningful impact and innovation within the cybersecurity industry. LingRaj emphasizes the significance of starting with problems and working closely with customers to fully understand their pain points. By articulating and offering targeted solutions, ArmorCode effectively addresses the problems faced by its customers. LingRaj also shares his career journey and the trajectory that...
2023-06-1442 min
Let's Talk AppSecOpsGates to GuardrailsDevelopers don't want to be slowed down, but security teams don't want development speed driving AppSec posture off a cliff. The compromise: security guardrails instead of release gates. With a basis of mutual trust that only critical findings will be sent for remediation and all critical findings will be remediated, friction between teams can be mitigated. Avoiding alert fatigue is one thing both security and developer talent can agree on.About ArmorCodeWe develop, sell, and deliver the world’s first and leading AppSecOps platform to our customers, along wi...
2022-11-0306 minLet's Talk AppSecOpsFactors in PrioritizationPrioritizing threat/vulnerability findings takes thought, a satellite cam, and a microscope if you don't have an AppSecOps platform at work. There's a lot to consider: criticality variance across tools (they don't come normalized out of the box), threat intelligence on CVEs, and tool/technique weight factors, for starters.A major concept is the context around the app/sub-app/module associated with a finding. The software's dependencies, environment, provenance, and the sensitivity of its data are just a few values that affect priority. That context dictates resource alignment, while risk scoring influences specific tactical activities thereafter.About ArmorCode
2022-10-2706 minLet's Talk AppSecOpsFactors in PrioritizationPrioritizing threat/vulnerability findings takes thought, a satellite cam, and a microscope if you don't have an AppSecOps platform at work. There's a lot to consider: criticality variance across tools (they don't come normalized out of the box), threat intelligence on CVEs, and tool/technique weight factors, for starters.A major concept is the context around the app/sub-app/module associated with a finding. The software's dependencies, environment, provenance, and the sensitivity of its data are just a few values that affect priority. That context dictates resource alignment, while risk scoring influences specific tactical...
2022-10-2706 minLet's Talk AppSecOpsVulnerability Management – What? When? How?Vulnerability Management looks different from business to business. What qualifies a risk as acceptable or not? When should confirmed vulns be fixed by? Perhaps most distressingly, how do we know when vulnerability has actually been remediated? Luis Guzmán talks about the different aspects of vulnerability and its most common musts:a workflow framework that security & dev agree onlive critical finding notificationsactive remediation monitoringvisibility throughout ticket lifecycles "from soup to nuts"About ArmorCodeWe develop, sell, and deliver the world’s first and leading AppSecOps platform to our customers, along with the expertise, support and community they nee...
2022-10-2006 minLet's Talk AppSecOpsVulnerability Management – What? When? How?Vulnerability Management looks different from business to business. What qualifies a risk as acceptable or not? When should confirmed vulns be fixed by? Perhaps most distressingly, how do we know when vulnerability has actually been remediated? Luis Guzmán talks about the different aspects of vulnerability and its most common musts:a workflow framework that security & dev agree onlive critical finding notificationsactive remediation monitoringvisibility throughout ticket lifecycles "from soup to nuts"About ArmorCodeWe develop, sell, and deliver the world’s first and leading AppSecOps platform to...
2022-10-2006 minLet's Talk AppSecOpsGetting Started With AppSecIt's a common misconception that the first step to building an application security program is sorting out the tooling. In reality, security tools translate well, and most early-game head-scratching will center on process. It helps to start small: SCA (source composition analysis) being an un-intensive and non-invasive first measure is a great launch point. This is not only due to the great availability of SCA tools, but also because its ease of adoption primes security teams before they pursue more investigation- and work-heavy practices like SAST, DAST, IAST, etc.About ArmorCode
2022-10-0705 minLet's Talk AppSecOpsGetting Started With AppSecIt's a common misconception that the first step to building an application security program is sorting out the tooling. In reality, security tools translate well, and most early-game head-scratching will center on process. It helps to start small: SCA (source composition analysis) being an un-intensive and non-invasive first measure is a great launch point. This is not only due to the great availability of SCA tools, but also because its ease of adoption primes security teams before they pursue more investigation- and work-heavy practices like SAST, DAST, IAST, etc.About ArmorCodeWe develop, sell, and deliver the world’s...
2022-10-0705 minLet's Talk AppSecOpsShort Release Cycles: Pros & ConsA short release cycle has myriad benefits: faster delivery to market for new functionalities, and swiftly-improving accuracy toward goals (what we call Agile) chief among them. And from a security perspective, a quick reaction time to zero-day threats thanks to a well-oiled assembly line is invaluable. But, of course, there are drawbacks: like a lack of cohesion and communication between security and dev teams, and unequal pressure on AppSec to quicken their side of SLAs. As Luis points out, we discovered in our State of AppSecOps Report that the ship cycle sweet spot is 1-2 weeks (most often 2), wherein...
2022-10-0708 minLet's Talk AppSecOpsShort Release Cycles: Pros & ConsA short release cycle has myriad benefits: faster delivery to market for new functionalities, and swiftly-improving accuracy toward goals (what we call Agile) chief among them. And from a security perspective, a quick reaction time to zero-day threats thanks to a well-oiled assembly line is invaluable. But, of course, there are drawbacks: like a lack of cohesion and communication between security and dev teams, and unequal pressure on AppSec to quicken their side of SLAs. As Luis points out, we discovered in our State of AppSecOps Report that the ship cycle sweet spot is 1-2 weeks (most often 2), wherein security...
2022-10-0708 minLet's Talk AppSecOpsThe SBOM MovementThe SBOM Movement has gained huge attention in just half a year. Whether as an external dependency of a developing product or a mission-critical tech stack component, inbound software has provenance (and often, vulnerabilities) that need to be reported for security downstream. US and foreign government support, as well as executive action, have done so much to stir awareness of these supporting docs. Many are ready to embrace it as standard—but 2/3ʳᵈˢ or more organizations still are unaware of new SBOM mandates. Luis Guzmán explains why the future for SBOMs is bright but still has ways to go before...
2022-10-0704 minLet's Talk AppSecOpsThe SBOM MovementThe SBOM Movement has gained huge attention in just half a year. Whether as an external dependency of a developing product or a mission-critical tech stack component, inbound software has provenance (and often, vulnerabilities) that need to be reported for security downstream. US and foreign government support, as well as executive action, have done so much to stir awareness of these supporting docs. Many are ready to embrace it as standard—but 2/3ʳᵈˢ or more organizations still are unaware of new SBOM mandates. Luis Guzmán explains why the future for SBOMs is bright but still has ways to go before reachin...
2022-10-0704 minLet's Talk AppSecOpsDev Vs Sec – Who's Responsible For The Ops?The State of AppSecOps Report found "reducing developer friction" was a top 3 priority for security leaders. A common contributor is the volleying of security responsibilities, especially with infrastructure-as-code—a gray area that often has security and dev teams pointing fingers. To get willing collaboration, security teams need to practice carrot tactics and better understand the expectations and environments their developers are facing.About ArmorCodeWe develop, sell, and deliver the world’s first and leading AppSecOps platform to our customers, along with the expertise, support and community they need to ship secure software and ship it fast. The Armo...
2022-10-0706 minLet's Talk AppSecOpsDev Vs Sec – Who's Responsible For The Ops?The State of AppSecOps Report found "reducing developer friction" was a top 3 priority for security leaders. A common contributor is the volleying of security responsibilities, especially with infrastructure-as-code—a gray area that often has security and dev teams pointing fingers. To get willing collaboration, security teams need to practice carrot tactics and better understand the expectations and environments their developers are facing.About ArmorCodeWe develop, sell, and deliver the world’s first and leading AppSecOps platform to our customers, along with the expertise, support and community they need to s...
2022-10-0706 min
Ink8r (in·cu·ba·tor) PodcastEpisode #16 - Harmonizing your AppSecOps ProgramApplication delivery velocity is driving a need to bolster an organization's existing software security posture. One fundamental aspect in fortifying an AppSec strategy is to leverage the API’s of existing application portfolio management solutions, code repositories, open source code scanning, static code scanning, credential scanning, image scanning, and various dynamic application security test tools, to create a composite risk profile for each asset along with prioritization, tracking, and automated SLA management across the Secure Software Development Lifecycle (S-SDLC). This allows us to move beyond what is often construed as an obsession with defects, to achieve a degree of harm...
2022-08-0747 minLet's Talk AppSecOpsConcrete to Cloud: Securing Assets across the EnterpriseThe transition from all-hardware to mostly-digital assets has complicated and decentralized the job of security. Cloud and container apps and infrastructure-as-code are examples of innovations whose security requirements will span multiple desks, as the role of the cybersecurity do-it-all becomes a relic of the past—even for smaller organizations.About ArmorCodeWe develop, sell, and deliver the world’s first and leading AppSecOps platform to our customers, along with the expertise, support and community they need to ship secure software and ship it fast. The ArmorCode platform brings together powe...
2022-08-0405 minLet's Talk AppSecOpsConcrete to Cloud: Securing Assets across the EnterpriseThe transition from all-hardware to mostly-digital assets has complicated and decentralized the job of security. Cloud and container apps and infrastructure-as-code are examples of innovations whose security requirements will span multiple desks, as the role of the cybersecurity do-it-all becomes a relic of the past—even for smaller organizations.About ArmorCodeWe develop, sell, and deliver the world’s first and leading AppSecOps platform to our customers, along with the expertise, support and community they need to ship secure software and ship it fast. The ArmorCode platform brings together powerful AppSec Posture, Vulnerability, and Compliance Management with DevSecOps work...
2022-08-0405 min
Application Security Weekly (Audio)ASW #199 - Nikhil GuptaNikhil will be discussing the pain points that leaders in the application security space are facing, which can cover how software development has evolved, as well as how this has impacted development teams and security teams as well as the occurrence of shifting left. He would also like to speak to the solution he has found to this problem, specifically being that of developing a community, the Purple Book Community. This closely connects to the final topics he would like to cover, which include how breaches have continued to occur at an increasingly rapid pace, leading to the importance...
2022-07-281h 16
Application Security Weekly (Video)Answering the 'How' Questions of Software Security - Nikhil Gupta - ASW #199Nikhil will be discussing the pain points that leaders in the application security space are facing, which can cover how software development has evolved, as well as how this has impacted development teams and security teams as well as the occurrence of shifting left. He would also like to speak to the solution he has found to this problem, specifically being that of developing a community, the Purple Book Community. This closely connects to the final topics he would like to cover, which include how breaches have continued to occur at an increasingly rapid pace, leading to the importance...
2022-07-0639 min
The dojo.live show / Interviews with Visionaries Shaping Travel TechApplication Security Needs AutomationIs AppSec automation the key to accelerating application delivery securely? View the full video interview here.
Nikhil Gupta is the founder and CEO of ArmorCode, the Silicon Valley startup delivering application security at the speed of DevOps.
Gupta is a successful serial entrepreneur with more than 25 years of experience leading high-growth security teams. Prior to founding ArmorCode, Gupta was the CEO and Co-founder of Avid Secure (acquired by Sophos), a market-leading AI-powered multi-cloud security and compliance platform.
2022-06-2230 min
Engineering ManifestosBuilding ArmorCode with Nikhil GuptaNikhil Gupta, Co-Founder & CEO, ArmorCode, sat down with me to share the story of pursuing his crazy idea to start ArmorCode during the modern world’s worst pandemic.4:19 [Provenance] Why Nikhil embarked on the ArmorCode journey (WHY "This Problem", WHY "Now", WHY "Him")?7:10 [Pitch] Customer Pain-points & taking a "People-first" approach to solve them15:00 [People] Company Culture & how it keeps evolving23:02 [Customer Discovery (Process)] Navigating the delicate line between drinking your Kool-Aid & not getting discouraged by customer feedback26:38 [Customer Discovery (Process)] "Art" of digging deeper to uncover "true" customer feedback on your "Problem Hypothesis"
2022-03-2732 min
The CISO DiariesLes Correia, Global Head of Application Security at The Estée Lauder Companies – Powerful Intriguing Force!Les Correia, Global Head of Application Security at The Estée Lauder Companies – Powerful Intriguing Force! This week we welcome the worldly Les Correia, who is the Global Head of Application Security at The Estée Lauder Companies Inc. In a previous life he held Senior/Advisory roles providing thought leadership at AT&T, Lucent, INS (now BT Professional services) and many other organizations in the US, Canada, Qatar, Germany, Brazil, and India. During his spare time, he enjoys flying aircraft and exploring New York museums and art galleries. Recently he also contributed to the Purple Book Commu...
2021-09-0247 min