We’re now a community!
What started as a newsletter has grown into something bigger. The Boring AppSec Community is now home to two blogs, a podcast, and a Slack community where security practitioners can connect, share, and learn together.
Why “Boring” AppSec?
When we started this newsletter, the security industry was obsessed with the shiny stuff: the latest critical vulnerability, the newest tool, the buzzword of the week. Meanwhile, the most successful security programs were quietly getting the fundamentals right: asset inventory, threat modeling, vulnerability management. The “boring” stuff that actually matters.
That’s still true. But now we’re living through something different. AI is reshaping how we build software, how we break it, and how we secure it.
So we’ve evolved too. We still care about getting the basics right, but we’re also deep in the weeds on AI security, agentic systems, and what it means to build and defend software in this new era. We talk to founders, researchers, and practitioners who are figuring this out in real time.
What you’ll find here
Two Blogs
The Boring AppSec Newsletter. This is Sandesh’s blog. Insights on building security programs and products, from someone who’s done it at Razorpay and is now building Seezo.
AI Security Engineer. This is Anshuman’s blog. Deep dives into AI and security, product security engineering, and hands-on security research.
The Boring AppSec Podcast. Anshuman & Sandesh in conversations with founders, practitioners, and builders across security and AI.
Slack Community: A place to hang out, ask questions, share ideas, and connect with others who care about security. We’re figuring out what this looks like together. Come help shape it by signing up here.
In the future, we hope to collaborate with other experts to bring you more relevant and fun security content.
Who are we?
Sandesh Mysore Anand: Co-founder of Seezo, where he’s building AppSec products for the modern SDLC. Previously spent 3 years as Head of Security at Razorpay and a decade as an AppSec consultant at Cigital/Synopsys. Writes about the boring and not-boring aspects of building in the security space.
Anshuman Bhartiya: Staff Security Engineer at Lyft with 14+ years in InfoSec. Has built product security programs from scratch at multiple companies, spoken at Defcon and Black Hat Arsenal, and is deep into the intersection of AI and security. Creator of SecureVibes and various open-source security tools.
Chaithra M J: Manages the site and the Slack community for Boring AppSec. During the day, she is a content writer and a marketing professional who has helped multiple security companies deliver their message.
Join the community
Subscribe to get posts delivered to your inbox (this includes both newsletters and the podcast).
Listen to the podcast on Spotify / Apple Podcasts
Join our Slack to chat with the rest of the Boring AppSec community

