Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, my guest is Kaiwen Jiang, an Application Security Engineer at a financial services company in the UK. Her primary areas of focus are . She was previously a cybersecurity consultant at Deloitte. Kaiwen also runs a blog, AppSec Kiki, where she shares her knowledge with the community, and she’s an active participant in London’s OWASP community meetups! In this first episode of Season 2, Kaiwen shared insights on why open-source security in the supply chain has become such a hot topic this year, how to evaluate the risks of open-source software, and how to prioritize unit tests. We also discussed the importance of asset management and how she transitioned to a developer role for a time to better understand what prevents developers from fixing vulnerabilities in their release cycles. And there’s so much more! This episode is perfect for anyone who wants to dive into application security or learn more about getting started in the field. Dive right in!