Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Shashwat Sehgal, Ron Rasin - ASW #376

Mar 31, 2026

Guest

Sashwat Segal

Guest

Ron Rasin

Guest

Keith Hoodlett

Sashwat Segal, CEO focused on agentic AI and authorization. Ron Rasin, identity-security strategist for runtime controls. Keith Hoodlett, security researcher leader who builds vulnerability teams. They discuss skills for modern software security, how AI agents change identity and access, hiring and research practices, agent guardrails, and why core software fundamentals still matter.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ADVICE

Use Layered Defenses For Agentic Engineering

Implement layered defenses: skills files, static analysis, fuzzing, and human review together, because agent hooks are nondeterministic.
Keep skills files concise to improve hit rate and combine with runtime checks and tests.

INSIGHT

Small Models Could Cut Hallucinations But Brownfield Risk Remains

Small hallucination-free models could change coding safety by reliably following guardrails, reducing human review burden.
But brownfield monoliths and authN/AuthZ idiosyncrasies still create new per-agent vulnerabilities at scale.

ADVICE

Sharpen Long Form Reading And Writing

Improve long-form reading and writing skills to document intent and audit LLM outputs or PRs.
Keith's blog 'If I Were 18 Again' stresses long-form communication for asynchronous teams and effective prompt/context design.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

The future of secure software is going through a mix of skills expected of humans and skills files created for LLMs. We might even posit that appsec as a discipline will fade (and that might not even be a bad thing!). Keith Hoodlet describes the skills he was looking for in building teams of security researchers and why there's still an emphasis on the ability to learn about and understand how software is built.

But figuring out what skills will get you hired and what skills are valuable to invest in still feels daunting to new grads and others entering the security industry. We discuss where the role of appsec seems to be heading and a few of the security and software fundamentals that can help you follow that direction.

Segment resources

Then, we rebroadcast two interviews from RSAC 2026.

The Identity Crisis of Agentic AI

Identity security is being stretched between legacy infrastructure that was never built to be secure and rapidly emerging AI agents and non-human identities that organizations are quickly adopting. As AI accelerates, identity risk grows alongside it, making agentic security fundamentally an identity challenge—because the more access AI has, the greater both its power and potential risk. In this session, Ron Rasin explores how past gaps in areas like Active Directory and machine identities created today’s blind spots, and why identity must now act as the control plane for AI-driven enterprises, with real-time enforcement before access is granted. He also highlights new innovations and partnerships enabling embedded identity controls across human, non-human, and AI identities, emphasizing that at machine speed, reactive security is no longer enough.

To learn more about Silverfort and their AI Agent product, visit https://securityweekly.com/silverfortrsac.

Privileged by Design: AI Agents and the New Identity Risk to Production Systems

At RSAC this year, the AI conversation is getting more practical. Less “look what agents can do” and more “who’s actually in control when an autonomous system can take real actions across business apps and infrastructure.”

The Moltbook breach and the growing attention on OpenClaw-style agent vulnerabilities put real weight behind that question because they show how quickly agent ecosystems can scale past oversight.

Today we’re talking with Shashwath, CEO of P0 Security, about why identity and authorization are the quiet enablers of modern AI, where teams are losing control as non-human identities explode and what security leaders can do to keep innovation moving without turning access sprawl into enterprise risk.

To learn more about P0 Security, visit: https://securityweekly.com/p0rsac.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-376