AppSec as Glue (Panel)

Mukund Sarma, Tad Whitaker, Sarah Liu, Ariel Shin, Jacob Salassi

BSidesSF 2025 — Here Be Dragons · Day 1 · Main

Application security teams cannot scale through individual heroics alone — they scale by acting as organizational glue, building relationships with engineering, platform, detection, and business teams that multiply their reach. The panel's central lesson: AppSec's unique value isn't finding vulnerabilities; it's connecting the people and systems needed to fix them, fund them, and prevent the next generation of them entirely.

AI review

A five-person panel on AppSec organizational dynamics that covers useful ground — the 500-engineer scaling inflection, the internal audit partnership flip, the platform-or-bust argument for secure defaults — but delivers none of it with enough depth to change how you think. Salassi's 'stop teaching developers security above 500 engineers, start delivering it through the platform' is the talk's best idea and would have been better explored in a solo session.
