Redefining CyberSecurity

CI/CD Pipeline Security: Why Attackers Breach Your Software Pipeline and Own Your Build Before Production | AppSec Contradictions: 7 Truths We Keep Ignoring — Episode 4 | A Musing On the Future of Cybersecurity with Sean Martin and TAPE9 | Read by TAPE9

Episode Summary

Attackers don’t need to breach production—they’re owning the CI/CD pipeline long before code goes live. Sean Martin unpacks why cloud and build systems remain the weakest links, the data proving it, and what teams can do to restore delivery integrity.

Episode Notes

Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself.

This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.

🔍 In this episode:

• A 188% surge in malicious open-source packages (Sonatype 2025)
• 30% of 2024 cyberattacks traced to suppliers (Financial Times 2025)
• 47% of organizations unable to assess pipeline risk (ENISA 2023)
• CISA labels build systems “high-value targets” (2025)

Sean’s Take:

The pipeline is production. Integrity beats visibility. Security must flow through delivery.

Catch the full companion article in the Future of Cybersecurity newsletter for deeper analysis and more research.

👉 Have you made CI/CD security measurable—or does it still feel like an endless patchwork of scripts, secrets, and trust? Are your pipelines part of your threat model—or an afterthought? How confident are you in the integrity of every artifact you release? Share your take—we’d love to hear your story—whether your team has succeeded in securing the software delivery pipeline from build to deploy, or whether attackers and complexity keep finding the cracks between your tools.

📖 Read the full companion article in the Future of Cybersecurity newsletter for deeper insights: 

🔔 Subscribe to stay updated on the full AppSec Contradictions video series and more perspectives on the future of cybersecurity: https://www.youtube.com/playlist?list=PLnYu0psdcllRWnImF5iRnO_10eLnPFWi_

________

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity

Sincerely, Sean Martin and TAPE9

________

Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️

Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location

To learn more about Sean, visit his personal website.