Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, I’m joined by Iman Ilbag, a DevSecOps Engineer at KPN, one of the leading telecom providers in the Netherlands.
Previously, as the sole DevSecOps Engineer at Snappfood, he secured 70+ projects and trained hundreds of security champions. Iman transitioned from engineering to DevOps and Application Security, and has also worked on penetration testing and infrastructure security for both startups and larger enterprises.
He’s passionate about security automation and open-source security, always looking for ways to improve security practices. I was introduced to Iman through a referral from James Berthoty, a previous podcast guest.
In this episode, we dive into why a solid understanding of DevOps is essential before implementing DevSecOps, and how the cultural aspects of security often outweigh the tools themselves.
We also explore the limitations of ASPM tools, the role of DefectDojo in effective vulnerability management, and why selecting the right security tools is critical for success.
Dive right in!
Connect with Iman: https://www.linkedin.com/in/iman-ilbag/
Connect with Alexandra: https://www.linkedin.com/in/alexandra-charikova/
Mentioned in the video:
DefectDojo: https://www.defectdojo.org/
Escape: https://escape.tech — API Security & DAST Platform
Latio list: https://list.latio.tech/