How to Cut Through Vendor Claims & Marketing Hype When Evaluating New Security Tools

I have a new post on the Threat Stack blog.

Check out my other recent Threat Stack posts!

from Blogger http://bit.ly/2EjGfxt
via IFTTT

How to Identify Threats Within Your Docker Containers

I have a new post on the Threat Stack blog.

Check out my other recent Threat Stack posts!

from Blogger http://bit.ly/2GC7J58
via IFTTT

The Difference Between Security Trick Plays and Security Fundamentals

I have a new post on the Threat Stack blog.

Check out my other recent Threat Stack posts!

from Blogger http://bit.ly/2GqF6aW
via IFTTT

SLDC, SOC 2, and Other Four Letter Words

I have a new post on the Threat Stack blog based on my presentation last week at SOURCE Boston!

Talk description:

Except for any authors of trojans that may have stumbled in accidentally, we all want to write secure applications. In spite of our sincere desires, vulnerable code gets shipped. Why? What do we do to fix it? What can we do to prevent it from happening? The answers exist in the realm of the software development life cycle, or SDLC. Various compliance vehicles (such as SOC2) exist to help us formulate an effective SDLC, but any security expert knows that checking a box does not typically yield the desired results. This talk describes the SDLC used by the agent team at Threat Stack, while also bringing in outside experiences to supplement. It also goes over pitfalls observed and lessons learned. You might not use the same tools or produce the same product, but the talk focuses on principles to make the resulting product more secure.

Check out my other recent Threat Stack posts!

from Blogger http://bit.ly/2KyPtrk
via IFTTT

Slides for SOURCE Boston 2018

You can find my slides from SOURCE Boston below and here. I tweaked them a bit from my presentation SOURCE Mesa-Phoenix.

from Blogger http://bit.ly/2G51zWq
via IFTTT

Slides for SOURCE Mesa 2018

You can find my slides from SOURCE Mesa-Phoenix below and here.

from Blogger http://bit.ly/2HV59Ve
via IFTTT

Heading to SOURCE Mesa/Phoenix

This week I’m heading to SOURCE Mesa/Phoenix. While there I will present my talk: SDLC, SOC2, and other four letter words. I’ll post the slides for the talk later, but you can read the abstract now:

Except for any authors of trojans that may have stumbled in accidentally, we all want to write secure applications. In spite of our sincere desires, vulnerable code gets shipped. Why? What do we do to fix it? What can we do to prevent it from happening? The answers exist in the realm of the software development life cycle, or SDLC. Various compliance vehicles (such as SOC2) exist to help us formulate an effective SDLC, but any security expert knows that checking a box does not typically yield the desired results. This talk describes the SDLC used by the agent team at Threat Stack, while also bringing in outside experiences to supplement. It also goes over pitfalls observed and lessons learned. You might not use the same tools or produce the same product, but the talk focuses on principles to make the resulting product more secure.

I’m slotted to present on day two, March 1st, at 1:10 pm. So right after lunch. Rob Cheyne interviewed me ahead of the conference to preview my talk, and you can find that on YouTube:

Sorry about the audio. I definitely have some lessons learned there for myself about getting the right equipment and prepping for the discussion a bit better.

I’ll be there for both days of the main conference. I look forward to meeting new folks and learning new things!

from Blogger http://bit.ly/2HMYFYA
via IFTTT

C++ in the Linux kernel

I have a new post on the Threat Stack blog!

Check out my other recent Threat Stack posts!

from Blogger http://bit.ly/2f0mXz0
via IFTTT