Subscribe
Share
Share
Embed
Building great security programs takes more than checklists and best practices—it takes vision, collaboration, and adaptability. In this episode, Bonnie Viteri, Principal Technical Security Engineer at Yahoo, shares how to build scalable, resilient programs that evolve, survive leadership turnover, and actually provide value to the business.
🔔 Subscribe for more practical AppSec insights:
https://www.youtube.com/channel/UCLgzXoXJ-TGO-y7Eh9quDUQ?sub_confirmation=1
Chapters:
00:00 – Start with the End: Vision-Driven Program Design
01:08 – Meet Bonnie Viteri: From Behavioral Psychology to Cybersecurity
02:10 – Foundation First: Mission, Vision, and Cross-Team Buy-In
04:07 – Designing Security Documents with Developers, Not for Them
06:00 – Metrics, Failure, and the Power of Feedback Loops
08:25 – People, Process, or Tech? Defining the Program Purpose
09:31 – Five-Year Plans and Building for Scale
12:26 – Implementation: Ownership, Handoffs, and Real-World Use
14:15 – Documentation That Survives Team Turnover
16:51 – Centralizing Knowledge and Making It Discoverable
18:30 – Program Optimization Through Onboarding and Culture
20:48 – Keeping Programs Alive via Security Champions & Internal Comms
22:25 – Case Study: API Security Documentation That Worked
25:19 – Reporting Program Value in Business Language
27:03 – Best Advice: "Your Fire Isn’t My Fire"
29:11 – Worst Advice: “You’d Be Bored as a Manager”
29:58 – Final Thoughts: Build, Fail Fast, Pivot Smarter
What You’ll Learn:
- How to build and scale a security program across teams
- Why collaboration and early buy-in matter
- Strategies for long-term documentation and program handoff
- How to connect program value to business language and executive metrics
- Real-world case study of API security success at scale
📺 Watch Next:
▶️ Secrets of AppSec Champions Podcast: https://www.youtube.com/playlist?list=PLR-uH0PJFszFcbMJ29AfAcWIJAPbBJaC7
▶️ Our Customers’ Success Stories & Reviews: https://youtube.com/playlist?list=PLR-uH0PJFszHDC0p6CBEvccqx1uNx8fpT&si=SUI6d31ResR51434
▶️ OWASP Top 10 LLM is Dead: Here's Why: https://youtu.be/Wet1tkt1eAw?si=NTUef42qt1WzcHbn
▶️ Mend.io Product Overview Demo: https://youtu.be/HfZ3uK-Eg5c
▶️ The Truth Behind Successful Security Operations Centers (SOC): https://youtu.be/XMlrxoIJVXg
🌐 Connect with Us:
🔗 Website: https://www.mend.io
🐦 Twitter: https://twitter.com/mend_io
📘 Facebook: https://www.facebook.com/mendappsec
💼 LinkedIn: https://www.linkedin.com/company/2440656
📜 Disclaimer:
This video is for educational purposes only. Mend.io is not responsible for any security decisions made based on this content.
#appsecurity #cybersecurity #cybersecurityexperts
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks. With a proven track record of successfully meeting complex and large-scale application security needs, Mend.io is the go-to technology for the world’s most demanding development and security teams. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project. For more information, visit www.mend.io, the Mend.io blog, and Mend.io on LinkedIn and Twitter.
🔔 Subscribe for more practical AppSec insights:
https://www.youtube.com/channel/UCLgzXoXJ-TGO-y7Eh9quDUQ?sub_confirmation=1
Chapters:
00:00 – Start with the End: Vision-Driven Program Design
01:08 – Meet Bonnie Viteri: From Behavioral Psychology to Cybersecurity
02:10 – Foundation First: Mission, Vision, and Cross-Team Buy-In
04:07 – Designing Security Documents with Developers, Not for Them
06:00 – Metrics, Failure, and the Power of Feedback Loops
08:25 – People, Process, or Tech? Defining the Program Purpose
09:31 – Five-Year Plans and Building for Scale
12:26 – Implementation: Ownership, Handoffs, and Real-World Use
14:15 – Documentation That Survives Team Turnover
16:51 – Centralizing Knowledge and Making It Discoverable
18:30 – Program Optimization Through Onboarding and Culture
20:48 – Keeping Programs Alive via Security Champions & Internal Comms
22:25 – Case Study: API Security Documentation That Worked
25:19 – Reporting Program Value in Business Language
27:03 – Best Advice: "Your Fire Isn’t My Fire"
29:11 – Worst Advice: “You’d Be Bored as a Manager”
29:58 – Final Thoughts: Build, Fail Fast, Pivot Smarter
What You’ll Learn:
- How to build and scale a security program across teams
- Why collaboration and early buy-in matter
- Strategies for long-term documentation and program handoff
- How to connect program value to business language and executive metrics
- Real-world case study of API security success at scale
📺 Watch Next:
▶️ Secrets of AppSec Champions Podcast: https://www.youtube.com/playlist?list=PLR-uH0PJFszFcbMJ29AfAcWIJAPbBJaC7
▶️ Our Customers’ Success Stories & Reviews: https://youtube.com/playlist?list=PLR-uH0PJFszHDC0p6CBEvccqx1uNx8fpT&si=SUI6d31ResR51434
▶️ OWASP Top 10 LLM is Dead: Here's Why: https://youtu.be/Wet1tkt1eAw?si=NTUef42qt1WzcHbn
▶️ Mend.io Product Overview Demo: https://youtu.be/HfZ3uK-Eg5c
▶️ The Truth Behind Successful Security Operations Centers (SOC): https://youtu.be/XMlrxoIJVXg
🌐 Connect with Us:
🔗 Website: https://www.mend.io
🐦 Twitter: https://twitter.com/mend_io
📘 Facebook: https://www.facebook.com/mendappsec
💼 LinkedIn: https://www.linkedin.com/company/2440656
📜 Disclaimer:
This video is for educational purposes only. Mend.io is not responsible for any security decisions made based on this content.
#appsecurity #cybersecurity #cybersecurityexperts
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks. With a proven track record of successfully meeting complex and large-scale application security needs, Mend.io is the go-to technology for the world’s most demanding development and security teams. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project. For more information, visit www.mend.io, the Mend.io blog, and Mend.io on LinkedIn and Twitter.
Creators and Guests
Host
Chris Lindsey
Chris Lindsey is a seasoned speaker who has appeared at conferences, webinars, and private events. Currently building an online community and creating a podcast series, Chris draws on expertise from more than 15 years of direct security experience and over 35 years of experience leading teams in programming and software, solutions, and security architecture. For three years, Chris built and led an entire application security program that includes the implementation of mature AppSec programs, including oversight of security processes and procedures, SAST, DAST, CSA/OSA, compliance, training, developer communication, code reviews, application inventory gathering, and risk analysis.
What is Secrets of AppSec Champions?
Join host Chris Lindsey as he digs into the world of Application Security with experts from leading enterprises. Each episode is theme based, so it's more conversational and topic based instead of the general interview style. Our focus is growing your knowledge, providing useful tips and advice. With Chris' development background of 35 years, 15+ years of secure coding and 3+ years running an application security program for large enterprise, the conversations will be deep and provide a lot of good takeaway's that you can use almost immediately.