Decades ago, a young boy sat in the attic of his home, just at the edge of the Empire State Building’s radio shadow. The crackling AM radio suddenly shifted from a Sunday morning church program to the familiar sound of a telephone left off the hook. He perked up, ready to dive into a different world—one of clever hacks, magic cereal whistles, and the ever-expanding horizon of technology.
That boy was me, tuning into Off the Hook, a hacker broadcast hosted by a mysterious character going by the alias Emmanuel Goldstein—a nod to Orwell’s antagonist in 1984. For me, this was the spark that ignited a lifelong passion for tech and cybersecurity. And like many in the InfoSec community, I look back on those early moments as the foundation of a career spent understanding and defending the systems we all rely on.
Fast forward to today and I’m thrilled to announce the launch of AppSec Serialized, a brand new podcast by Invicti. This podcast gives us a platform to dive deep into the topics that keep us buzzing in the world of application security. For me, working on the podcast was also a full-circle moment, going back to my own origins in the tech world—only this time, I get to not only listen but also to create something new and exciting.
The name AppSec Serialized captures the playful, punny tone of the show, blending the concept of serialized storytelling with a twist on the tech vulnerability of insecure deserialization. We channel a bit of the old-time radio serial vibe with a modern AppSec twist, and add conversation between security practitioners.
A fresh approach to the cybersecurity podcast
At Invicti, we pride ourselves on being innovative, and this podcast is no exception. As a long-time lover of stories and narratives, I wanted to bring a unique flavor to our discussions. Each episode begins with an opening fictional segment dramatizing a key aspect of AppSec, sometimes drawing heavily on real-world incidents (don’t worry—we’ve changed the names to protect the innocent and not-so-innocent). We switch perspectives throughout the series, alternating between the mindset of an attacker and a defender, giving listeners a chance to engage with security themes in a more narrative, approachable way.
The heart of each episode is a laid-back conversation where our CTO, Frank Catucci, and I tackle current trends, share insights, and discuss all things security—from web apps to APIs and everything in between. Occasionally, we dive deeper into the technical details, but we make sure to keep it accessible for all listeners. Our conversations flow naturally, a result of years of presenting together at conferences like OWASP and Black Hat, as well as during internal fireside chats.
For additional insights and points of view in season 1, we’ve brought in some special guests from within Invicti. These include our Principal Security Researcher, Bogdan Calin, who sheds light on the latest AI/ML models, and our own AppSec gurus in the form of Invicti’s CISO Matt Sciberras and Application Security Engineer Paul Good, who share internal best practices in AppSec.
A collaborative effort in-house
What makes AppSec Serialized even more special is that we’re producing the whole series entirely in-house. From music to voice acting, sound mixing, and overall production, a small but mighty team (shoutout to Zbigniew Banach and Meaghan McBee) handles it all. The intro music was specially written to give each episode that Top Gear-inspired kick, and you’ll find plenty of fun references peppered throughout the episodes. We’ve even found ourselves building up some internal lore as our fictional story characters grow—who knew?
Behind-the-scenes nerdy details
For those of you who like to peek at the source code, the process we use to produce the podcast is pretty straightforward.
We record episodes using Blue Yeti mics set to Cardioid mode at approximately 25% gain, with Sony MDR 7506 headphones to eliminate bleeding. We use the open-source Audacity audio editor to record a local raw track, synchronized with a clap at the start of recording. The raw tracks are then passed through an Audacity noise filter trained on open mic noise (12dB reduction in 3 bands with 6.0 sensitivity) and edited to arrive at the final source material.
The fiction story and talk tracks are then manually lined up, edited, and mixed using a digital audio workstation (DAW), specifically Cakewalk by BandLab. At this stage, the music segments, effects, intros, and outros are also added and blended in. The final mix is compressed at 4:1 and normalized to -3dB before exporting to a high-quality MP3 ready for publication.
Tune in and chill out
This podcast is a labor of love, and we’ve had an incredible time bringing it to life. We hope you enjoy listening to AppSec Serialized as much as we’ve enjoyed creating it. For episode 1, we went after the OG web vulnerability: cross-site scripting (XSS). Stay tuned, and join us for a journey through the ever-evolving world of AppSec!