🎙️ Coffee, Chaos and ProdSec, Ep 25

Your roadmap looked great in January. It is February and AI just rewrote half of it for you.

This week, Kurt and Cameron bring Chelise and Caroline Wong to the table for a four person roundtable on cybersecurity leadership and the messy reality of running a security program. They dig into why security teams keep getting called the Department of No, how AI is forcing roadmap pivots faster than teams can keep up, and what it actually takes to prove Application Security and Product Security value when your best day means nothing happened.

The crew gets honest about compliance frustrations, risk registers that become black holes, and why "we need an AI strategy" is the new way your roadmap dies overnight. Caroline shares hard earned insight on becoming a strategic business leader instead of just a technical one. Chelise brings the project management reality check nobody asked for but everyone needed.

If you work in DevSecOps, cybersecurity leadership, or you are tired of watching your plans implode by Q2, grab your coffee and settle in.

☕ New episodes every Wednesday.

Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

🎙️ Coffee, Chaos and ProdSec, Ep 24

AI security is already happening in production, and most teams are governing systems after they're live, not during design.

So this week, Kurt and Cameron sit down with special guest Tarak, a Co-Founder, Cloud Platform Builder, and Cyber AI Agents Architect, to break down what happens when AI agents ship faster than security policies can keep up. From shadow AI sprawling across consumer tools even when enterprise copilots exist, to provenance gaps that break incident response before it starts, to automation that hides real breaches in a sea of low-confidence alerts, this episode tackles the failure modes most teams are already seeing but haven't named yet.

Your hosts dig into why retrofitting security onto AI systems collapses fast, how build pipelines change when AI shapes code before any control runs, and where human-in-the-loop boundaries actually matter versus where they just slow things down. It's an honest look at where AI genuinely helps Application Security teams and where it creates entirely new chaos, with real stories and zero vendor pitches.

If you work in Product Security, DevSecOps, Application Security, or Software Supply Chain Security, or you just want to hear three security practitioners question reality while AI rewrites the rulebook, this episode is your jam.

☕ New episodes every Wednesday.

Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

🎙️ Coffee, Chaos and ProdSec, Ep 23

AI security keeps getting talked about, but incident response, supply chain risk, and people are still treated like someone else’s problem.

So this week, Kurt and Cameron grab their mugs and spend the episode walking through what actually happens when AI systems misbehave, agents start acting outside expectations, and traditional security playbooks stop lining up with reality.

From AI specific incident response that doesn’t fit existing SOC workflows, to Software Supply Chain Security risks hiding in models, vendors, and embedded SaaS features, this episode gets into where things really break once AI is in production.

They also dig into why AI training across teams matters more than most controls, how shadow AI keeps showing up in unexpected places, and why compliance pressure around AI is no longer theoretical as regulations and accountability get real.

If you work in Cybersecurity, Application Security, Product Security, DevSecOps, or you’re trying to prepare your org for AI incidents, audits, and uncomfortable questions, this episode will sound very familiar.

☕ New episodes every Wednesday.

Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.