Joe Nicastro, Legit Security | theCUBE + NYSE Wired @ RSAC 2025

Episode 50
Apr 30, 2025 · 12 minutes

Show Notes

In this episode of theCUBE, host Dave Vellante interviews Joe Nicastro, Field CTO at Legit Security, during RSAC 2025. The conversation centers on supply chain security, especially in the realm of application security posture management (ASPM). Nicastro offers insights into how Legit Security helps organizations identify and mitigate vulnerabilities in their CI/CD pipelines. The discussion covers key concepts such as the shift-left paradigm, the complexities of vulnerability management, and the role of artificial intelligence in enhancing application security. They also delve into how these innovations both contribute to robust security measures and expedite development processes, demonstrating the intersection of security and development cultures within organizations.

Key Topics Covered:
  • Overview of Legit Security's approach to application security posture management (ASPM).
  • Challenges organizations face in identifying and addressing vulnerabilities in their development pipelines.
  • The significance of contextual understanding for effective vulnerability prioritization.
  • Insights on the shift-left paradigm and its impact on development and security processes.
  • The role of artificial intelligence in security risk management and its implications.
  • Strategies for organizations to break down cultural barriers between development and security teams.
  • The evolution of supply chain security and the lessons learned from incidents like SolarWinds and Log4j.
  • Addressing the risks associated with AI-generated code in development environments.