Episodes

  • Ep 25 - Stop Saying No, Start Proving Value, and Stop Letting AI Wreck Your Roadmap
    Feb 18 2026

    🎙️ Coffee, Chaos and ProdSec, Ep 25

    Your roadmap looked great in January. It is February and AI just rewrote half of it for you.

    This week, Kurt and Cameron bring Chelise and Caroline Wong to the table for a four-person roundtable on cybersecurity leadership and the messy reality of running a security program. They dig into why security teams keep getting called the Department of No, how AI is forcing roadmap pivots faster than teams can keep up, and what it actually takes to prove Application Security and Product Security value when your best day means nothing happened.

    The crew gets honest about compliance frustrations, risk registers that become black holes, and why "we need an AI strategy" is the new way your roadmap dies overnight. Caroline shares hard-earned insight on becoming a strategic business leader instead of just a technical one. Chelise brings the project management reality check nobody asked for but everyone needed.

    If you work in DevSecOps, cybersecurity leadership, or you are tired of watching your plans implode by Q2, grab your coffee and settle in.

    ☕ New episodes every Wednesday.

    Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

    1 hr 8 min
  • Ep 24 - AI Security Reality Check, When Agents Ship Faster Than Policies
    Feb 11 2026

    🎙️ Coffee, Chaos and ProdSec, Ep 24

    AI security is already happening in production, and most teams are governing systems after they're live, not during design.

    So this week, Kurt and Cameron sit down with special guest Tarak, a Co-Founder, Cloud Platform Builder, and Cyber AI Agents Architect, to break down what happens when AI agents ship faster than security policies can keep up. From shadow AI sprawling across consumer tools even when enterprise copilots exist, to provenance gaps that break incident response before it starts, to automation that hides real breaches in a sea of low-confidence alerts, this episode tackles the failure modes most teams are already seeing but haven't named yet.

    Your hosts dig into why retrofitting security onto AI systems collapses fast, how build pipelines change when AI shapes code before any control runs, and where human-in-the-loop boundaries actually matter versus where they just slow things down. It's an honest look at where AI genuinely helps Application Security teams and where it creates entirely new chaos, with real stories and zero vendor pitches.

    If you work in Product Security, DevSecOps, Application Security, or Software Supply Chain Security, or you just want to hear three security practitioners question reality while AI rewrites the rulebook, this episode is your jam.

    ☕ New episodes every Wednesday.

    Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

    1 hr
  • Ep 23 - Part 2 - AI Security Incident Response, Supply Chain Chaos, AI Training and the Compliance Wake Up Call
    Feb 4 2026

    🎙️ Coffee, Chaos and ProdSec, Ep 23

    AI security keeps getting talked about, but incident response, supply chain risk, and people are still treated like someone else’s problem.

    So this week, Kurt and Cameron grab their mugs and spend the episode walking through what actually happens when AI systems misbehave, agents start acting outside expectations, and traditional security playbooks stop lining up with reality.

    From AI-specific incident response that doesn’t fit existing SOC workflows, to Software Supply Chain Security risks hiding in models, vendors, and embedded SaaS features, this episode gets into where things really break once AI is in production.

    They also dig into why AI training across teams matters more than most controls, how shadow AI keeps showing up in unexpected places, and why compliance pressure around AI is no longer theoretical as regulations and accountability get real.

    If you work in Cybersecurity, Application Security, Product Security, DevSecOps, or you’re trying to prepare your org for AI incidents, audits, and uncomfortable questions, this episode will sound very familiar.

    ☕ New episodes every Wednesday.

    Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

    57 min
  • Ep 22 - Part 1 - AI Security Foundations, Visibility, Governance, and the Risks Nobody Owns
    Jan 28 2026

    🎙️ Coffee, Chaos and ProdSec, Ep 22

    AI is already inside your environment, whether you planned for it or not. So this week, Kurt and Cameron grab their mugs and talk through the AI security foundations that tend to break first, long before anyone calls it an incident.

    From gaining visibility into shadow AI and hidden agents, to setting up governance that does not drive usage underground, to building inventories that actually keep up with how fast AI changes, this episode digs into where things fall apart in real organizations.

    They also get into securing AI usage itself, from agents running with the wrong identities, to data leaking quietly through prompts and responses, to why traditional DLP and SDLC assumptions no longer hold.

    Along the way, they connect the dots between Cybersecurity, Application Security, Product Security, DevSecOps, Software Supply Chain Security, and AI, with honest takes, real-world examples, and a few moments of disbelief at how familiar these failures already feel.

    If you are responsible for AI risk, or you are about to be, this episode will sound uncomfortably close to home.

    ☕ New episodes every Wednesday.

    Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

    1 hr
  • Ep 21 - Hoodies & Handshakes - The Human Side of Cybersecurity
    Jan 21 2026

    🎙️ Coffee, Chaos and ProdSec, Ep 21

    Security teams love tools and checklists, but most failures start with people, pressure, and messy handoffs. So this week, Kurt and Cameron grab their mugs and break down what certifications do not teach, how human risk shows up in real incidents, and why security only works when it becomes a team sport.

    From rushed approvals and blurry ownership, to vulnerability management that turns into prioritization fights, to governance that looks solid until change hits, this episode follows the work where it actually breaks. Your hosts dig into why execution beats perfection, how context matters more than compliance, and where AI speeds up both delivery and abuse while teams are still trying to keep up. It is practical, a little chaotic, and full of moments that feel like “yeah, that tracks.”

    If you work in Cybersecurity, Application Security, Product Security, DevSecOps, Software Supply Chain Security, or you are trying to scale security without losing your mind, this episode is for you.

    ☕ New episodes every Wednesday.

    Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

    57 min
  • Ep 20 - API Security - Shadows, Zombies, and Other APIs We Pretend Don't Exist
    Jan 14 2026

    🎙️ Coffee, Chaos and ProdSec, Ep 20

    APIs are the backbone of modern apps, and attackers know it.

    This week, Kurt and Cameron break down the API security mess with stories from the trenches, practical fixes, and a few "how is this still happening" moments that'll make you check your own endpoints.

    From unauthenticated APIs sitting wide open to broken authorization bugs that let you change one ID and steal the whole database, the hosts walk through the Hall of Shame with examples that sting. They tackle the nightmare of zombie and shadow APIs nobody remembers deploying, explain why API inventory is nearly impossible to maintain, and explore how bots have evolved into AI agents that can scan, exploit, and exfiltrate faster than any human.

    Your hosts dig into why security through obscurity still exists in 2026, how to actually test APIs before attackers do, and what happens when AI shopping agents and MCP servers become the new attack surface. It's a tour through Application Security, DevSecOps, and Cybersecurity realities with humor and zero fluff.

    If you're building or defending APIs, this episode is required listening.

    ☕ New episodes every Wednesday.

    Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

    51 min
  • Ep 19 - Cloud Security Chaos: When Identity, Kubernetes, APIs, and AI Collide
    Jan 7 2026

    🎙️ Coffee, Chaos and ProdSec, Ep 19

    Cloud security keeps getting more complicated, but identity keeps getting ignored.

    So this week, Kurt and Cameron grab their coffee and dig into why identity failures are quietly powering most modern cloud incidents.

    From service accounts that never die, to Kubernetes clusters held together with cluster admin access and hope, to APIs nobody remembers exposing, this episode walks through the real reasons cloud security keeps falling apart at scale.

    They talk through why teams still treat workload identities like humans, how Kubernetes creates a false sense of safety, why API sprawl and logging pipelines leak more data than people realize, and where AI actually helps versus where it just adds noise and false confidence.

    There’s no vendor pitch here. Just honest conversations about tradeoffs, broken assumptions, and the gap between cloud security best practices and what actually survives in production.

    If you work in Cybersecurity, Application Security, Product Security, DevSecOps, Software Supply Chain Security, or you’re trying to make sense of cloud chaos without the buzzwords, this one’s for you.

    ☕ New episodes every Wednesday.

    Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

    1 hr 4 min
  • Ep 18 - Brace Yourself for 2026: AI-Powered Mayhem and Coffee-Fueled Product Security Predictions
    Dec 31 2025

    🎙️ Coffee, Chaos and ProdSec, Ep 18

    2026 is getting closer, and security is already acting weird.

    So this week, Kurt and Cameron grab their mugs and talk through what they see coming next for Product Security and the teams trying to keep up.

    From AI agents showing up in the SOC, AppSec, DevSecOps, and GRC, to supply chain risks getting deeper and harder to see, this episode walks through the trends that are starting to take shape right now. The kind that change how work actually gets done, not just how tools are marketed.

    They unpack how AI is speeding up code, reviews, and attacks at the same time, why remediation speed is becoming the real bottleneck, and how identity, cloud, and infrastructure are turning into the main battlegrounds. There are strong opinions, a few laughs, and plenty of moments where the future feels exciting and a little uncomfortable.

    If you work in Cybersecurity, Application Security, Product Security, DevSecOps, or Software Supply Chain Security, this episode is a look at 2026 through the lens of people who live this stuff every day. All powered by coffee and curiosity.

    ☕ New episodes every Wednesday.

    Coffee, Chaos and ProdSec -> strong coffee, stronger opinio

    1 hr 7 min