🎙️ Coffee, Chaos and ProdSec, Ep 21

Security teams love tools and checklists, but most failures start with people, pressure, and messy handoffs.So this week, Kurt and Cameron grab their mugs and break down what certifications do not teach, how human risk shows up in real incidents, and why security only works when it becomes a team sport.

From rushed approvals and blurry ownership, to vulnerability management that turns into prioritization fights, to governance that looks solid until change hits, this episode follows the work where it actually breaks.Your hosts dig into why execution beats perfection, how context matters more than compliance, and where AI speeds up both delivery and abuse while teams are still trying to keep up. It is practical, a little chaotic, and full of moments that feel like “yeah, that tracks.”

If you work in Cybersecurity, Application Security, Product Security, DevSecOps, Software Supply Chain Security, or you are trying to scale security without losing your mind, this episode is for you.

☕ New episodes every Wednesday.

Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

🎙️ Coffee, Chaos and ProdSec

Ep 20 APIs are the backbone of modern apps, and attackers know it.

This week, Kurt and Cameron break down the API security mess with stories from the trenches, practical fixes, and a few "how is this still happening" moments that'll make you check your own endpoints.

From unauthenticated APIs sitting wide open to broken authorization bugs that let you change one ID and steal the whole database, the hosts walk through the Hall of Shame with examples that sting. They tackle the nightmare of zombie and shadow APIs nobody remembers deploying, explain why API inventory is nearly impossible to maintain, and explore how bots have evolved into AI agents that can scan, exploit, and exfiltrate faster than any human.

Your hosts dig into why security through obscurity still exists in 2026, how to actually test APIs before attackers do, and what happens when AI shopping agents and MCP servers become the new attack surface. It's a tour through Application Security, DevSecOps, and Cybersecurity realities with humor and zero fluff.

If you're building or defending APIs, this episode is required listening.

☕ New episodes every Wednesday.

Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

🎙️ Coffee, Chaos and ProdSec, Ep 19

Cloud security keeps getting more complicated, but identity keeps getting ignored.

So this week, Kurt and Cameron grab their coffee and dig into why identity failures are quietly powering most modern cloud incidents.

From service accounts that never die, to Kubernetes clusters held together with cluster admin access and hope, to APIs nobody remembers exposing, this episode walks through the real reasons cloud security keeps falling apart at scale.

They talk through why teams still treat workload identities like humans, how Kubernetes creates a false sense of safety, why API sprawl and logging pipelines leak more data than people realize, and where AI actually helps versus where it just adds noise and false confidence.

There’s no vendor pitch here. Just honest conversations about tradeoffs, broken assumptions, and the gap between cloud security best practices and what actually survives in production.

If you work in Cybersecurity, Application Security, Product Security, DevSecOps, Software Supply Chain Security, or you’re trying to make sense of cloud chaos without the buzzwords, this one’s for you.

☕ New episodes every Wednesday.

Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.