Secured by Galah Cyber with Cole Cornford

Written by: Day One®

About this listen

Secured is the podcast for software security enthusiasts. Host Cole Cornford sits down with Australia's top software security experts to uncover their unconventional career paths and the challenges they faced along the way. Listen in as they share their insights on the diverse approaches to AppSec, company by company, and how each organisation's security needs are distinct and require personalised solutions. Gain insider access to the masterminds behind some of Australia's most successful software security teams on Secured by Galah Cyber.

This podcast uses the following third-party services for analysis:

Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

Copyright 2026 Day One®
Episodes
  • How Dam Secure Puts Guardrails on AI Generated Code
    Apr 29 2026
    Episode Summary

    Vibe coding is here and most organisations are nowhere near ready for what it means for security. In this episode of Secured, Cole Cornford sits down with Patrick Collins and Simon Harloff, founders of Dam Secure, to unpack how AI is reshaping software development and why the old AppSec playbook is not keeping up.

    They cover the shift from artisanal to factory model engineering, why skills and agents.md files are less reliable than people think, and why the SaaSpocalypse narrative is mostly a distraction from the work that actually matters. Patrick and Simon also walk through how Dam Secure enforces organisational security rules at plan time, before a single line of AI generated code gets written.

    Timestamps

    00:00 Trailer

    01:01 Chainguard ad

    01:28 Meet Patrick Collins and Simon Harloff from Dam Secure

    03:00 Why existing AppSec tooling never worked for developers

    05:30 The artisanal vs factory model of software development

    08:30 Hacker News, polarisation and the AI sentiment shift

    11:00 Agile, standups and processes that no longer make sense

    14:00 Bigger PRs, higher velocity and workflows without an IDE

    17:00 Skills, agents.md and the limits of deterministic guardrails

    20:00 The AppSec to developer ratio problem

    23:00 The SaaSpocalypse and why rebuilding tools is a side quest

    27:00 React, digital certificates and security through business incentives

    30:00 How Dam Secure works: secure spec and plan time enforcement

    34:00 Vibe coders, Lovable and the risk beyond professional developers

    36:00 Where to find Dam Secure and closing remarks

    🐙 Secured is grateful to be sponsored and supported by Chainguard.

    Chainguard is the trusted source for open source. Get hardened, secure, production-ready builds so your team can ship faster, stay compliant, and reduce risk. Download your free CVE Reduction Assessment at https://dayone.fm/chainguard

    Secured is part of Day One. Day One helps founders and startup operators make better business decisions more often.

    To learn more, join our newsletter to be notified of new First Cheque episodes and upcoming shows.



    38 mins
  • (Replay Episode) Breaking Barriers: How Sam Fariborz Navigated the Aussie Cybersecurity Landscape
    Apr 16 2026
    Episode Summary

    When Sam Fariborz moved to Australia from Iran, she had been working as an IT manager. While she had plenty of experience and strong technical skills, the move to Australia was challenging, and in this episode Sam discusses some of the barriers to entry she faced. By attending cybersecurity events and reaching out to people on LinkedIn, Sam found mentors and peers who helped progress her career, and today Sam is Cybersecurity Services & Program Manager for Kmart group, which employs nearly 50,000 people across Australia and New Zealand. Sam chats with Cole Cornford about how to network effectively, the growth of cybersecurity as a profession in the last couple of decades, the need for greater diversity within the industry, and plenty more.

    37 mins
  • What the ISM AI Update Actually Means for Cyber Teams
    Apr 1 2026
    Episode Summary

    The ISM has been updated again, and this time AI is front and centre. In this episode of Secured, Cole Cornford is joined by returning guest Toby Amodio, Practice Lead at Fujitsu Cybersecurity Services, for another instalment of Policy Wonks and Gronks, cutting through the vendor noise to talk about what the March 2026 update actually means in practice.

    They explore where AI is genuinely delivering value for cyber professionals, from automating compliance mapping and vendor assessments to streamlining pen test reporting and SOC triage. But they are equally candid about the risks: the erosion of foundational skills as junior roles get outsourced to AI, the creeping fatigue of reviewing outputs at scale, and the danger of skipping straight to full automation without the expertise to validate what the machine is doing.

    The conversation also tackles bigger picture concerns unique to Australia: sovereign AI capability, the risk of a brain drain to the US, and whether a small country can afford to decentralise its AI infrastructure. Toby closes with a sharp reminder for government CISOs: AI is just another system, and how people use it matters far more than the certifications attached to it.

    Timestamps

    00:00 Episode Trailer

    01:01 Chainguard ad

    01:28 Intro and the March 2026 ISM update

    03:00 AI hype vs real world utility

    05:00 Governance and compliance use cases

    08:00 Vendor assessments and knowledge base automation

    11:00 Skill erosion and the junior roles question

    14:00 AI in pen testing: reporting, scoping and customer experience

    17:30 The maturity model for AI adoption

    21:00 Vibe coding, slop assurance and fatigue at scale

    25:00 Agents watching agents and the bot vs bot future

    28:30 Australian AI sovereignty and the brain drain risk

    32:00 Top tip for government CISOs on AI risk

    35:00 Shadow AI and DNS log visibility

    37:00 Closing remarks

    34 mins