Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, I’m joined by Diego Sempreboni, a Senior Application Security Engineer at Pleo. Diego earned his PhD in Computer Science, specializing in security, at King’s College London. After realizing his passion lay in solving real-world problems, he transitioned from academia to product and application security, gaining valuable experience in various fintech companies in the UK. In this episode, we discuss the key differences between academia and engineering in security and why vendors should focus on creating tools that do less but do it better—tools that actually help to fix problems. We also explore the challenges of automating threat modeling and remediation, and why trust within a company is crucial for AppSec engineers. And there’s much more! This episode is perfect for anyone weighing the choice between security research and engineering or for newcomers eager to learn more about AppSec! Dive right in!