I have a new post on the Threat Stack blog.
Check out my other recent Threat Stack posts!
Showing posts with label Threat Stack. Show all posts
Showing posts with label Threat Stack. Show all posts
Thursday, February 28, 2019
Tuesday, February 19, 2019
Thursday, February 14, 2019
Friday, May 18, 2018
SLDC, SOC 2, and Other Four Letter Words
I have a new post on the Threat Stack blog based on my presentation last week at SOURCE Boston!
Talk description:
Except for any authors of trojans that may have stumbled in accidentally, we all want to write secure applications. In spite of our sincere desires, vulnerable code gets shipped. Why? What do we do to fix it? What can we do to prevent it from happening? The answers exist in the realm of the software development life cycle, or SDLC. Various compliance vehicles (such as SOC2) exist to help us formulate an effective SDLC, but any security expert knows that checking a box does not typically yield the desired results. This talk describes the SDLC used by the agent team at Threat Stack, while also bringing in outside experiences to supplement. It also goes over pitfalls observed and lessons learned. You might not use the same tools or produce the same product, but the talk focuses on principles to make the resulting product more secure.
Check out my other recent Threat Stack posts!
Thursday, May 10, 2018
Slides for SOURCE Boston 2018
You can find my slides from SOURCE Boston below and here. I tweaked them a bit from my presentation SOURCE Mesa-Phoenix.
Thursday, March 1, 2018
Monday, February 26, 2018
Heading to SOURCE Mesa/Phoenix
This week I'm heading to SOURCE Mesa/Phoenix. While there I will present my talk: SDLC, SOC2, and other four letter words. I'll post the slides for the talk later, but you can read the abstract now:
Sorry about the audio. I definitely have some lessons learned there for myself about getting the right equipment and prepping for the discussion a bit better.
I'll be there for both days of the main conference. I look forward to meeting new folks and learning new things!
Except for any authors of trojans that may have stumbled in accidentally, we all want to write secure applications. In spite of our sincere desires, vulnerable code gets shipped. Why? What do we do to fix it? What can we do to prevent it from happening? The answers exist in the realm of the software development life cycle, or SDLC. Various compliance vehicles (such as SOC2) exist to help us formulate an effective SDLC, but any security expert knows that checking a box does not typically yield the desired results. This talk describes the SDLC used by the agent team at Threat Stack, while also bringing in outside experiences to supplement. It also goes over pitfalls observed and lessons learned. You might not use the same tools or produce the same product, but the talk focuses on principles to make the resulting product more secure.I'm slotted to present on day two, March 1st, at 1:10 pm. So right after lunch. Rob Cheyne interviewed me ahead of the conference to preview my talk, and you can find that on YouTube:
Sorry about the audio. I definitely have some lessons learned there for myself about getting the right equipment and prepping for the discussion a bit better.
I'll be there for both days of the main conference. I look forward to meeting new folks and learning new things!
Monday, May 1, 2017
Eyes on the Ground: Why You Need Security Agents
I have a new post on the Threat Stack blog based on my presentation last week at SOURCE Boston!
Talk description from SOURCE agenda:
Whether you build, buy, borrow, or steal it, you need a security agent on your endpoints. We can already hear your cries of "agent fatigue" and we sympathize. Any agent, no matter how lightweight, has costs associated with running it. Minimize those costs and get an agent, because you need the information that only an agent can harvest from the endpoint. We talk about various types of security agents, including their respective strengths and weaknesses. We explore how agents can interact and interfere with each other, and provide some tips for evaluating agents. We cover open-source, custom-built, and vendor perspectives, from cloud to IoT. We need information to do our jobs, and we need agents on our digital assets to provide that information.
I exported the keynote slides to slideshare.
Check out my other recent Threat Stack posts!
Monday, April 10, 2017
Welcome SOURCE visitors!
Maybe you've stumbled onto this blog after hearing of me through SOURCE Conference Boston. Welcome! While this blog has links to my professional blog posts, they actually live on my company's blog.
Things that make it onto this blog tend to be things that do not fit elsewhere. That includes the notes for religious talks I give as part of my volunteer position in the LDS (Mormon) church, among other things. Feel free to ask me about them!
Things that make it onto this blog tend to be things that do not fit elsewhere. That includes the notes for religious talks I give as part of my volunteer position in the LDS (Mormon) church, among other things. Feel free to ask me about them!
Friday, March 3, 2017
Friday, October 28, 2016
Friday, July 29, 2016
Tuesday, May 31, 2016
Monday, May 23, 2016
Wednesday, May 18, 2016
How security changes in the cloud
Friday, April 1, 2016
Thursday, February 4, 2016
Friday, November 13, 2015
Highlights From Facebook's Security@Scale (@SecatScale)
2/4/2016 - Oops! I forgot about this one! Adding it later and then back-dating it. Shhhh!
I have a new post on the Threat Stack blog!
Check out my other recent Threat Stack posts!
Check out my other recent Threat Stack posts!
Thursday, November 5, 2015
Wednesday, May 20, 2015
Subscribe to:
Posts (Atom)