In this episode of Secured, host Cole Cornford chats with Neha Malik, Head of Product Security at REA Group, about building and scaling effective application security (AppSec) programs. They delve into the importance of empathy, communication, and relationship-building between security teams and developers. Neha shares her journey from a Microsoft graduate program, through external consulting at KPMG, and into her current leadership role. They discuss making security easy for engineers, managing security champions programs with realistic expectations, and learning from other disciplines—like psychology and marketing—to better influence and engage stakeholders. Neha and Cole also highlight how tailoring approach and tooling can differ for startups and large enterprises, and emphasise that collaboration, not confrontation, leads to long-term AppSec success.

00:20 - Neha’s Role at REA Group and Positive AppSec Outcomes

01:30 - Starting a Career in Security at Microsoft’s Grad Program

05:45 - Building an AppSec Program from Scratch at REA

10:00 - Startups: Embedding Security in Tools Over Heavy Process

14:40 - Security Champions Programs: Value, Expectations, and Incentives

20:25 - Learning from Other Disciplines (e.g., Psychology) to Influence Teams

Mentioned in this episode:

Call for Feedback

In this special christmas episode of Secured, Cole Cornford does something a little different to usual and answers listener questions. Lots of topics are covered, including new years resolutions, cybersecurity trends of 2024, career and life advice, and plenty more.

A huge thank you to everyone who sent in questions! We had so many responses that we weren't able to get to all of them. Let us know if you enjoy this format and we may do it again in the future.

1:00 - Cole's thoughts on new year's resolutions

3:00 - Cole's experiences working in large organisations

13:30 - Critical cybersecurity steps for organisations in 2025

20:30 - Using security tools to protect APIs

26:20 - Protecting against supply chain attacks

36:20 - Cole's perspective on DevSecOps

40:50 - Trends of 2024

50:40 - Diversity in the cybersecurity industry

1:01:02 - ASPM tools

1:13:20 - Why Cole enjoys making the podcast

1:21:00 - Life advice that has stayed with Cole

Mentioned in this episode:

Call for Feedback

Episode Summary

Elizabeth Stephens is CEO of DBS Cyber, where her team deliver IT solutions for clients in various industries. A retired Marine Corps Major and author of the book Building a Resilient Digital Future: A Comprehensive Guide to Cyber Risk Monitoring, Elizabeth draws from her diverse experience in her work. In her conversation with Cole Cornford, they discuss leveraging AI to be helpful and not harmful the politics and nuance of cybersecurity, lessons from Elizabeth's military experience that she applies to her current role, and plenty more.

1:00 - Elizabeth's background

7:30 - How we can leverage AI to be useful not harmful

14:30 - Using AI to help with parenting

20:30 - The politics & nuance of cybersecurity

23:30 - Roblox & cybersecurity for kids

27:00 - Lessons from the military Elizabeth applies to cybersecurity

30:30 - Elizabeth's journey as an author

36:30 - Cybersecurity for small business

Mentioned in this episode:

Call for Feedback