I found this when listening to episode 194 of the Bike Shed podcast: "My PGP Shame". I'd only added this episode to my playlist as it had an interesting title, but when I listened to it, it was even better than I thought.
There was some great stuff in there about Thoughtbot's application security guide (linked below), which is a definite must-read.
My favourite quote of the episode, though, is the following exchange:
I've got to be honest, how does anything work at all? Oh, computers don't work.
Recommended read: Thoughtbot's Application Security Guide https://github.com/thoughtbot/guides/blob/master/security/application.md