Time to address AppSec issues no one wants to talk about.
Welcome to our first virtual conference, inspired by the values of our podcast, The Elephant in AppSec! Get ready for an event where bold opinions and top Application Security experts come together like toast and butter. Our mission is to explore a wide range of AppSec topics, delivering an engaging and educational experience for all attendees.

YouTube: https://www.youtube.com/@the-elephant-in-appsec

The Elephant in AppSec Conference

## This track is perfect for those who want to hear speakers' specific takes on different AppSec tooling.

You can expect roasts of tools’ features, examples of nonsensical marketing, and of course, several mentions of how XYZ is dead.

Explore all the abstracts here 👉 <https://www.theelephantinappsec.com/schedule>

📆 Track 2 "AppSec Tools" Schedule:

9:00 AM - 9:05 AM PST: Opening Word

9:05 AM - 9:35 AM PST: James Berthoty - "A future of Security free from CNAPP"

9:40 AM - 10:10 AM PST: Expert panel: Sandesh Mysore Anand, Antoine Carossio, and Amit Bismut- "Can we actually measure the effectiveness of AI in cybersecurity?"

10:15 AM - 10:45 AM PST: Ron Nissim - "Is PAM Dead?! Long live Just-in-time Access!"

10:50 AM - 11:20 AM PST: Swan Beaujard - "DAST is dead, or is it?"

11:25 AM - 11:55 AM PST: Tristan Kalos - "We have been doing API security wrong"

12:30 PM - 1:00 PM PST: Jeevan Singh - "Most Security Tools are expensive paperweights: How to get your money’s worth"

1:05 PM - 1:35 PM PST: Kyle Kelly - "Roast of Software Supply Chain Security"

1:40 PM - 2:10 PM PST: Munawar Hafiz - "Our SAST Tools Have Failed Us"

2:15 PM - 2:45 PM PST: Anmol Agarwal - "AI in AppSec: Why We Need To Prioritize Security"


Track 2: AppSec Tools

## Explore what’s broken in AppSec and how to fix it.

This track is full of bold insights and spicy takes that challenge the status quo.

Explore all the abstracts here 👉 <https://www.theelephantinappsec.com/schedule>

📆 Track 1 "General AppSec Topics" Schedule:

9:00 AM - 9:05 AM PST: Opening Word

9:05 AM - 9:35 AM PST: Tanya Janca - "Shifting Left Doesn’t Mean Anything Anymore"

9:40 AM - 10:10 AM PST: Kim Wuyts - "Compliance is overrated"

10:15 AM - 10:45 AM PST: Cassey Crossley - "Accountability in Application Development"

10:50 AM - 11:20 AM PST: Akira Brand - "Mycelium as the Path: How the Fungi Kingdom Guides us Toward Resilience in Our Cyber Programs"

11:25 AM - 11:55 AM PST: Chris Romeo - "Why the 'Secure by Design' pledge won't save us from AppSec failures"

12:00 PM - 12:25 PM PST: Dustin Lehr - "Building a Proactive Developer Security Culture - Can We Actually Make it Work?"

1:05 PM - 1:35 PM PST: Jacob Salassi - "Shift left sucks for SWEs: AppSec is a structured data problem"

1:40 PM - 2:10 PM PST: Expert Panel: Mel Reyes, Ariel Shin, Alina Yakubenko - "The Challenge of Scaling AppSec: Why It's Harder Than You Think"

2:15 PM - 2:45 PM PST: Aravind Sreenivasa - "My mistakes in building an AppSec team"

2:45 PM - 3:00 PM PST: Closing Remarks


Track 1: General AppSec Topics

## This track is perfect for those who want to hear speakers' specific takes on different AppSec tooling.

You can expect roasts of tools’ features, examples of nonsensical marketing, and of course, several mentions of how XYZ is dead.

Schedule and speakers are to be announced in November 2025.


Track 2: AppSec Tools

This track is perfect for those who want to hear speakers' specific takes on different AppSec tooling.

Replays

Track 2: AppSec Tools

Track 1: General AppSec Topics