At the end of each chapter of Alice and Bob Learn Application Security there are questions for the reader to ponder. As the author, I will be hold streaming sessions every 4 weeks to discuss the questions, starting March 20, 2021. …
I joined the NeuraLegion Advisory Board because they’re really fun to work with. Gosh that would make for a short blog post, wouldn’t it?
When I started my quickly-failed startup in 2019, Security Sidekick, Bar Hofesh reached out to me to see if he and Gadi Bashvitz could help. I…
In this series we are discussing how to get your technical training approved at work. This is not the first article, and you may want to go back and read it from the start.
In the previous article, we talked about how we need to explain to our boss not…
*This is a series.*
We’ve all been there. There’s a training you really want to take, but your boss isn’t so sure. This can be because it’s out of budget, they feel it’s too ‘off topic’ from your current job, there’s no time with your current workload, they are afraid…
Welcome to the Black Lives Matter Edition of Book Club, where we will talk about a couple of books that Tanya read recently, and what she thinks about them. The previous article in this series was about Communication and Metrics.
All of the books listed are available in audiobook; my…
The Second Way of DevOps is fast feedback. In security, when we see this we should all be thinking the same thing: Pushing Left. We want to start security at the beginning of the system development life cycle (SDLC) and ensure we are there (providing feedback) the whole way through!
The previous article in this series is here. If you are lost reading this article, read the whole series from the start. :-D This is a long post, sit tight!
The first “Way” of DevOps is emphasizing the efficiency of the entire system. Many of us tend to focus only…
The previous article in this series is here.
In this post we will explore The 3 Ways of DevOps. But first, a definition.
DevSecOps is Application Security, adjusted for a DevOps environment.
DevSecOps is the security activities that application security professionals perform, in order to ensure the…
There are many definitions of DevOps
Link to the previous post in this series.
There are many definitions of DevOps, too many, some might say. Some people say it’s “People, Processes, and Products”, and that sounds great, but I don’t know what I’m supposed to do with that. When I did waterfall I also had people…
In a recent ‘Ask Me Anything’ Tanya covers ‘Where can we learn Threat Modelling?’. The linked video is approximately 2 minutes.
- Threat modelling, for those who are unaware, is a sort of ‘evil brainstorming’.
- The question included “How can we learn by doing, not…
