Sunday, May 20, 2018

The Restoration

I spoke in the Lynnfield Ward today. I received the assigned topic of "the Restoration" and collected a number of eclectic thoughts to put together my talk. For some reason I got really nervous giving this talk. I think the topic ended up coming together in a good way, but my delivery didn't work too well. It happens. I'm copying my notes below. 

Friday, May 18, 2018

SDLC, SOC 2, and Other Four Letter Words


I have a new post on the Threat Stack blog based on my presentation last week at SOURCE Boston!

Talk description:
Except for any authors of trojans that may have stumbled in accidentally, we all want to write secure applications. In spite of our sincere desires, vulnerable code gets shipped. Why? What do we do to fix it? What can we do to prevent it from happening? The answers exist in the realm of the software development life cycle, or SDLC. Various compliance vehicles (such as SOC 2) exist to help us formulate an effective SDLC, but any security expert knows that checking a box does not typically yield the desired results. This talk describes the SDLC used by the agent team at Threat Stack, while also bringing in outside experiences to supplement. It also goes over pitfalls observed and lessons learned. You might not use the same tools or produce the same product, but the talk focuses on principles to make the resulting product more secure.

Check out my other recent Threat Stack posts!