Browsed by
Month: November 2016

Foundations: Security Community at Any Scale (S01E12)

On this episode, Robert interviews Chris about security community. Chris talks about the experiences he’s had doing security community at a large organization for 5+ years. Robert keeps pushing Chris to make this applicable for small companies as well. You’ll hear best practices for how you can build security community in your org, including monthly training sessions, lunch and learns, and even an internal security conference. Chris also offers the profound statement that “everyone eats lunch”.

Interview: The Soft Skills of AppSec (S01E11)

We are joined by Deidre Diamond, Founder and CEO @cyber_sn & the Founder of @brain_babe. We discuss employment in the world of application security. We also dive deep into soft skills, exploring why they are foundational in the workforce. Deidre explains the benefits of win-win conversation, how words and common language connect, and how to have fun, compassion, love, integrity and productivity all in one at work.

This is the mid-point of our first season of the AppSec Podcast. We’ll take next week off, and then come back with nine more episodes that drive us to the end of Season 1. Stay tuned!

Interview: PASTA: Not Just for Breakfast Anymore (S01E10)

This is our third interview from ISC2 Security Congress. We are joined by Tony UcedaVelez, or TonyUV, founder and CEO of VerSprite – a global security consulting firm based in Atlanta, GA. Tony leads the OWASP Atlanta Chapter and BSides Atlanta.

This is a deep dive into Tony’s experience with threat modeling. We explore the PASTA methodology he created.

Interview: An Inner Glimpse of the Microsoft SDL (S01E09)

This is our second interview from ISC2 Security Congress. We are joined by Glenn Leifheit (@gleifhe), an InfoSec and Development Evangelist at Microsoft. Microsoft is the grandparent to almost every secure development lifecycle across the industry.

This is an in-depth discussion about how to actually do SDL. Glenn shares some things during this conversation that I’ve never heard in public before about the internals of Microsoft’s SDL process. You will take something away from this conversation that you can apply to your program.

Enjoy!