KUBICAST #172 - AppSec at iFood with André and Matheus

How your posture can change the security profile of your company's applications!

mansplainer

João Brito

Application security is an increasingly essential topic for those who develop and operate modern systems. In episode 172 of Kubicast, we spoke with two iFood specialists who deal daily with the real challenges of Application Security: André Esteves and Matheus Farias.

More than just talking about vulnerabilities, this conversation delves deep into the practices, tools, roles, and, most importantly, the mindset that transforms security into a shared and effective responsibility within companies.

What is AppSec (Application Security)?

AppSec goes far beyond the cliché of the "hacker in a hoodie." It is the discipline that covers application security from architectural design all the way through to the code that ships to production.



Blocking PRs? Yes, but with empathy

One of the highlights of the conversation is how iFood's culture balances rigorous automated controls (such as blocking pull requests when vulnerabilities are detected) with an approach built on education and empathy. The goal is not only to detect problems but to create the conditions to fix them in an educational and collaborative way.

Want to move into security? Start with people

Soft skills were pointed out as one of the most important differentiators for anyone wanting to enter or grow in the field. Knowing how to communicate, establishing alliances with dev teams, building empathy, and generating value for the organization matter just as much as knowing how to use the tools.

Important Links:

  • André Esteves - https://www.linkedin.com/in/andreestevespaiva/

  • Matheus Farias - https://www.linkedin.com/in/eu-matheus-farias-devsecops/

  • João Brito - https://www.linkedin.com/in/juniorjbn

  • Watch the movie TEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM

  • Participate in our early access program and have a safer environment in seconds! https://getup.io/zerocve

🎧 Listen to Kubicast on Spotify as well, and share it with those Devs you love, even if they skip the pipeline's security steps!

Getup Newsletter.

Updates on Kubernetes and Software Supply Chain Security every month.

Operating Kubernetes in production for more than 13 years. With Quor, this experience extends to software supply chain security as well.