Session
Enterprise Tools, AppSec Problems: Hacking Your Own Security Silos
Your SIEM is blind to application logic, and your SAST tool knows nothing about compromised endpoints. This gap between Enterprise Security and Product Security is a playground for attackers. So what happens when you team up a Director of Product Security (Dragos Cojocari) and a Staff Enterprise Security Architect (Filip Stojkovski) to break things?
For the past two years, we've been doing exactly that—tearing down the walls between our domains to build a unified defense. This isn't a talk about management theory; it's a collection of field notes on what works, what doesn't, and how to bridge the gap between high-level strategy and in-the-trenches engineering.
We will cover the practical "how-to" for:
- Hunting for application abuse cases by feeding application logs into the EntSec SIEM.
- Threat modelling enterprise architecture using AppSec methodologies to find paths of least resistance.
- Accelerating zero-day response, using EntSec's endpoint tools to find where vulnerable libraries are actually running.
- Building layered defenses that work, like combining DLP rules with CI/CD secret scanning to stop leaks before they happen.
You will leave with a roadmap for connecting these critical security functions, backed by real-world examples from the trenches.

Filip Stojkovski
SecOps Engineering Lead @ Snyk | Creator of CyberSec Automation Blog
Bucharest, Romania