Pierre-Paul Ferland is a cybersecurity GRC leader, educator, and the voice behind This Is GRC, the project that breaks down how governance, risk, and compliance actually works in the real world.
Stories about how I've come to embrace security's role as the "bad cops" in enterprises. My secret? Staying grounded in security's core purpose, which is to defend best practices and integrity.
Presenting developers with vulnerabilities is one of the most common (and frustrating) tasks of any security analyst. Here's a list of the most common excuses developers come up with to avoid fixing vulnerabilities and how I react to them.
Everybody claims their product is secure. Then why are there so many data breaches? Instead of promising the impossible (zero incidents!), companies should showcase their expertise and commitment to integrity.
Tips and tricks on what to expect from a bug bounty program in your organization: how the program will help your security posture, and how to take care of your response team, who are going to be on the front lines.