Secrets of AppSec Champions

By: Chris Lindsey

About this content

Join host Chris Lindsey as he digs into the world of Application Security with experts from leading enterprises. Each episode is theme based, so it's more conversational and topic based instead of the general interview style. Our focus is growing your knowledge, providing useful tips and advice. With Chris' development background of 35 years, 15+ years of secure coding and 3+ years running an application security program for large enterprise, the conversations will be deep and provide a lot of good takeaways that you can use almost immediately.

Mend.io 2024 Science
Episodes
  • Building Security Programs That Actually Scale – with Bonnie Viteri | Secrets of AppSec Champions 🎙️
    2025/07/31

    Building great security programs takes more than checklists and best practices—it takes vision, collaboration, and adaptability. In this episode, Bonnie Viteri, Principal Technical Security Engineer at Yahoo, shares how to build scalable, resilient programs that evolve, survive leadership turnover, and actually provide value to the business.

    🔔 Subscribe for more practical AppSec insights:
    https://www.youtube.com/channel/UCLgzXoXJ-TGO-y7Eh9quDUQ?sub_confirmation=1

    Chapters:
    00:00 – Start with the End: Vision-Driven Program Design
    01:08 – Meet Bonnie Viteri: From Behavioral Psychology to Cybersecurity
    02:10 – Foundation First: Mission, Vision, and Cross-Team Buy-In
    04:07 – Designing Security Documents with Developers, Not for Them
    06:00 – Metrics, Failure, and the Power of Feedback Loops
    08:25 – People, Process, or Tech? Defining the Program Purpose
    09:31 – Five-Year Plans and Building for Scale
    12:26 – Implementation: Ownership, Handoffs, and Real-World Use
    14:15 – Documentation That Survives Team Turnover
    16:51 – Centralizing Knowledge and Making It Discoverable
    18:30 – Program Optimization Through Onboarding and Culture
    20:48 – Keeping Programs Alive via Security Champions & Internal Comms
    22:25 – Case Study: API Security Documentation That Worked
    25:19 – Reporting Program Value in Business Language
    27:03 – Best Advice: "Your Fire Isn’t My Fire"
    29:11 – Worst Advice: “You’d Be Bored as a Manager”
    29:58 – Final Thoughts: Build, Fail Fast, Pivot Smarter

    What You’ll Learn:
    - How to build and scale a security program across teams
    - Why collaboration and early buy-in matter
    - Strategies for long-term documentation and program handoff
    - How to connect program value to business language and executive metrics
    - Real-world case study of API security success at scale

    📺 Watch Next:
    ▶️ Secrets of AppSec Champions Podcast: https://www.youtube.com/playlist?list=PLR-uH0PJFszFcbMJ29AfAcWIJAPbBJaC7
    ▶️ Our Customers’ Success Stories & Reviews: https://youtube.com/playlist?list=PLR-uH0PJFszHDC0p6CBEvccqx1uNx8fpT&si=SUI6d31ResR51434
    ▶️ OWASP Top 10 LLM is Dead: Here's Why: https://youtu.be/Wet1tkt1eAw?si=NTUef42qt1WzcHbn
    ▶️ Mend.io Product Overview Demo: https://youtu.be/HfZ3uK-Eg5c
    ▶️ The Truth Behind Successful Security Operations Centers (SOC): https://youtu.be/XMlrxoIJVXg

    🌐 Connect with Us:
    🔗 Website: https://www.mend.io
    🐦 Twitter: https://twitter.com/mend_io
    📘 Facebook: https://www.facebook.com/mendappsec
    💼 LinkedIn: https://www.linkedin.com/company/2440656

    📜 Disclaimer:
    This video is for educational purposes only. Mend.io is not responsible for any security decisions made based on this content.

    #appsecurity #cybersecurity #cybersecurityexperts

    Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development, using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks. With a proven track record of successfully meeting complex and large-scale application security needs, Mend.io is the go-to technology for the world’s most demanding development and security teams. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project. For more information, visit www.mend.io, the Mend.io blog, and Mend.io on LinkedIn and Twitter.

    31 min
  • Risk Mitigation and Cybersecurity Strategy with Samuel Brown | Secrets of AppSec Champions Podcast🎙️
    2025/07/17

    As cyber threats evolve, so must the strategies to prevent them. In this episode, Samuel Brown—CEO of PacketX and retired U.S. Army CW4—shares mission-critical insights on risk mitigation, layered security, and why backups and plans on paper aren't enough. From ransomware recovery to real-world network defense, this conversation is packed with hard-earned lessons for AppSec professionals and business leaders alike.

    Chapters:
    00:00 – What Real Risk Mitigation Requires
    00:55 – Meet Samuel Brown: CEO of PacketX & U.S. Army Veteran
    02:43 – Risk Identification, Tiering, and Business Impact
    04:28 – Ransomware Lessons: Why Tested Backups Matter
    07:01 – Data vs. Devices: Smart Prioritization Decisions
    08:13 – Ransomware Response: Steps to Contain and Recover
    09:44 – Real-World Example: Website Compromise and Layered Security
    11:14 – MFA and Role-Based Access: Core to Risk Reduction
    13:47 – CAC Cards & Military Insights on Access Control
    16:44 – Firewalls, Segmentation & Vendor Diversity
    20:42 – Patch Management: Fixing Without Rebreaking
    23:58 – Least Privilege: Why Admin Rights Are Dangerous
    26:33 – Why Small Businesses Are Easy Targets
    28:27 – Simple Risk Monitoring Tips for Any Company
    30:43 – Best & Worst Advice in Cybersecurity
    32:47 – Closing Thoughts & Call to Subscribe

    What You’ll Learn:
    - How to build a real, tested risk mitigation plan
    - Why backups fail without proper testing
    - Critical layers of defense: from firewalls to user training
    - How military cybersecurity practices apply to private business
    - The one mindset that can prevent massive breaches

    #Cybersecurity #RiskMitigation #AppSec #Infosec

    32 min
  • From Developer to Cybersecurity Without Certs – Ed Urbasius' Story | Secrets of AppSec Champions 🎙️
    2025/07/03

    As the cybersecurity industry grows, more professionals are breaking into security from nontraditional backgrounds. In this episode, Edvinas Urbasius, a former developer turned cybersecurity consultant, shares his unfiltered story of how he got into the field without certifications—and what he learned on the job in a SOC.

    Chapters:
    00:00 – You Don’t Need Certifications to Start in Cybersecurity
    00:56 – Meet Edvinas: His Journey from Developer to Cybersecurity
    03:50 – The Cyber Attack That Sparked His Career Shift
    07:01 – Lessons Learned from Phishing Attacks and System Failures
    11:02 – Inside the SOC: Learning Logs, Alerts, and Triage on the Job
    15:12 – How Curiosity and Google Became His Cyber Tools
    20:52 – AI, Critical Thinking & Real-World Threat Detection
    24:09 – Peer Mentorship and Growing Through Collaboration
    26:49 – Why Coding Experience Helps in Cybersecurity Roles
    31:49 – Final Advice: Be So Good They Can’t Ignore You

    What You’ll Learn:
    - How to enter cybersecurity without a degree or certifications
    - What working in a SOC actually looks like
    - Why developer skills are a hidden advantage in security
    - The power of curiosity, Google, and collaboration in learning fast

    #CyberSecurityCareers #SOCAnalyst #AppSec #Infosec #DeveloperToCybersecurity #SecretsOfAppSecChampions

    31 min