Secured by Galah Cyber with Cole Cornford
From Cryptography to AppSec: Scott Contini on Building Practical Security

Update: 2025-04-30
Description

Episode Summary

Scott Contini holds a PhD in cryptography, has more than a dozen research publications, and has spent the last 15 years solving real-world security problems. Since moving from academia to industry in 2008, Scott has identified hundreds of cryptographic implementation flaws in systems around the world, written widely read blog posts on common coding mistakes, and contributed significantly to the Cryptographic Failures category of the 2021 OWASP Top 10. He joins Cole Cornford to discuss how cryptography goes wrong in practice, why secure-by-default APIs are reshaping security today, and the importance of clear communication and community-building in advancing the field. Scott also shares stories from working alongside legendary figures in cryptography, and offers advice for anyone looking to build a sustainable and impactful security career.

Timestamps

00:20 - Scott’s background in cryptography and transition to AppSec

02:00 - Moving from theory to real-world security challenges

05:00 - Common cryptography mistakes in the industry

07:50 - Why using the wrong encryption modes leads to vulnerabilities

10:10 - How Java’s cryptography design led to widespread issues

14:40 - The rise of secure-by-default APIs in cryptography

17:00 - Stories from working with cryptographic legends

22:00 - Improving advice in the OWASP community

27:50 - The value of writing and public speaking in AppSec careers

33:00 - Advice for newcomers in security: think like an attacker and keep learning

Mentioned in this episode:

Call for Feedback
