
Coffee, Chaos and ProdSec Ep 32 - Password Resets, Dev Laptop Secrets, and the NHI Mess Nobody Wants to Own
Coffee, Chaos and ProdSec, Ep 32
Your org is still forcing 90-day password resets. NIST said stop years ago. Nobody wants to be the one who changes it.
This week Cameron and Kurt get into three trust assumptions enterprise security programs are still running on in 2026 that nobody actually validated: mandatory rotation that creates predictable mutations instead of stronger passwords, developer laptops loaded with production credentials that agentic coding tools now inherit without anyone scoping that access, and non-human identities that most teams can't inventory, let alone govern when something goes wrong.
From the compliance inertia keeping dead controls alive, to the blast radius sitting on every developer machine in your environment, to whether NHI taxonomy is a useful governance framework or just a cleaner slide deck, this one covers the full mess with zero comfort and zero vendor sympathy.
If you work in Product Security, Application Security, DevSecOps, or Cybersecurity and you have ever enforced a control you stopped believing in because nobody wanted to own killing it, this episode will hit close to home.
New episodes every Wednesday.
Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.
