DevSecOps - This is GRC

22 Nov 2023 GRC DevOps DevSecOps

How to convince developers to fix their security vulnerabilities?

Presenting developers with vulnerabilities is one of the most common -and frustrating- tasks of any security analyst. Here's a list of the most common excuses developers come up with to avoid fixing vulnerabilities and how I react to them.

08 Nov 2023 ELI5 Hacking DevSecOps

What you need to know before you start your bug bounty program

Tips and tricks on what to expect from a bug bounty program in your organization: how will the program help your security posture, and how to take care of your response team who is going to be on the front lines.

30 Aug 2023 DevSecOps DevOps Security

10 Harsh Truths About Cloud Security

As a specialist in cloud security due diligence and third-party security risk management, I present the hardest aspects of the discipline. Questionnaires and scanners have created a culture of "checkmarkism" that lead to fast results but low value advice.

07 Jun 2023 ELI5 DevOps DevSecOps Hacking

How do Supply-Chain Attacks Work? Examples from Software Development

Did you know software is made up of hundreds of tiny pieces of software called libraries? Attackers sure do. Nowadays, they prey on developers' cognitive loads to infiltrate our most trusted applications. Let's unpack the new phenomenon of supply chain attacks.

07 Sep 2022 DevSecOps

How To DevSecOps

I spent a good portion of my first internship in cybersecurity supporting a large IT operations department in the financial sector. I created service accounts