[Update]

Starting Jan 2025, this newsletter will expand in scope. In addition to the Security operator perspective, I will write from the perspective of a founder in the AppSec space.

Is AppSec really boring?

It’s not. In fact, it’s fascinating! However, the industry tends to focus a lot of energy on the new shiny object. The latest Critical bug or the latest RASP tool or how AI/ML gobbledygook can make the world a better place. The thing is, in addition to keeping up with the latest trends, successful AppSec programs also do the boring things really well (think building an app inventory). This newsletter is about those “boring” things.

Why subscribe?

I am the co-founder of Seezo, a company building AppSec products. In the past, I spent 3 years building the Security program at Razorpay and spent ~10 years as an AppSec consultant with Cigital. In the first ~25 editions of this newsletter, I relied on my experience and readings from other successful people to write essays about one boring AppSec topic each edition.

Starting Jan 2025, I will write about boring and non-boring aspects of building a Product in the AppSec space.

E1-27: Getting the Boring aspects of AppSec right. E28+: All aspects of building AppSec products.

People

 As the co-founder of Seezo, Sandesh is trying to solve Cyber Security challenges using Gen AI. Before this, Sandesh spent a decade in various cybersecurity roles including as the head of Security at Razorpay.