Episode Summary

With a career that spans mainframes, integration platforms, and developer experience, M Brennan brings a unique lens to the world of application security. In this episode, M joins Cole Cornford to unpack why integration is often the riskiest layer in software systems, how context is everything when choosing security controls, and what it really takes to build security into developer workflows without adding friction.

They dive into stories from government and enterprise environments, the overlap between security and resilience, and how thinking in terms of energy and empathy, not just tools, can lead to better outcomes for everyone. Plus, a surprisingly effective stereo-selling strategy, some well-earned AI scepticism, and a jam-jar analogy you’ll never forget.

Timestamps

03:45 From COBOL to Developer Experience in Security

06:37 Choosing the Right Security Control for the Right Risk

10:00 Reducing Developer Friction with Secure Defaults

14:10 How Threat Modelling Creates Real Value

17:57 Fixing Access and Provisioning for Devs and Security

20:09 Virtual Dev Environments and Automating the Boring Stuff

24:04 Smarter Security Adoption and the Jam Jar Effect

28:48 AI, Developer Toil and the Problem with Overpromising

31:03 Using AI to Kickstart Threat Modelling and Resilience

33:56 Why Some Tech Trends Aren’t Worth the Hype

36:09 The Risk of Letting Chatbots Handle Security Promises

37:16 Final Takeaways on Empathy, Context and Collaboration

Mentioned in this episode:

Call for Feedback