Thursday, February 28, 2019

How to Cut Through Vendor Claims & Marketing Hype When Evaluating New Security Tools


I have a new post on the Threat Stack blog.

Check out my other recent Threat Stack posts!

Tuesday, February 19, 2019

How to Identify Threats Within Your Docker Containers


I have a new post on the Threat Stack blog.

Check out my other recent Threat Stack posts!

Wednesday, August 22, 2018

Self-Reliance Redo

I spoke this past Sunday in the Methuen Ward on self-reliance. I used the text of the last talk I gave on self-reliance, only I stripped it down to bullet points so I would not read it. That meant I did not have to talk so fast, but it also means I rambled a bit at times and probably used filler words. Oh well. One poor individual had actually been in Billerica when I gave the talk the first time. He only recognized the first Indiana Jones story and not the rest of the talk. I guess that's good that I use a memorable introduction, right?


You can find the notes I used below, or look at the Google Doc.

Sunday, May 20, 2018

The Restoration

I spoke in the Lynnfield Ward today. I received the assigned topic of "the Restoration" and collected a number of eclectic thoughts to put together my talk. For some reason I got really nervous giving this talk. I think the topic ended up coming together in a good way, but my delivery didn't work too well. It happens. I'm copying my notes below.


Friday, May 18, 2018

SLDC, SOC 2, and Other Four Letter Words


I have a new post on the Threat Stack blog based on my presentation last week at SOURCE Boston!

Talk description:
Except for any authors of trojans that may have stumbled in accidentally, we all want to write secure applications. In spite of our sincere desires, vulnerable code gets shipped. Why? What do we do to fix it? What can we do to prevent it from happening? The answers exist in the realm of the software development life cycle, or SDLC. Various compliance vehicles (such as SOC2) exist to help us formulate an effective SDLC, but any security expert knows that checking a box does not typically yield the desired results. This talk describes the SDLC used by the agent team at Threat Stack, while also bringing in outside experiences to supplement. It also goes over pitfalls observed and lessons learned. You might not use the same tools or produce the same product, but the talk focuses on principles to make the resulting product more secure.

Check out my other recent Threat Stack posts!