It’s Not Your Developers’ Fault

It’s Not Your Developers’ Fault

This year’s RSA theme is Resilience. It’s once again a virtual event, which means I get to attend as a speaker without needing to travel to San Francisco. Title: It’s Not Your Developers’ Fault Time: 5:00pm to 5:30pm (EDT) Description:The...
RSA Conference Asia Pacific &Japan 2020

RSA Conference Asia Pacific &Japan 2020

This was my first virtual RSA presentation. Previously it had always been in person at Marina Bay Sands in Singapore. However due to the pandemic, this session was done virtually. The title of my talk was Your Application is Mostly Written by...
SafetyCulture Quality Engineering Meetup

SafetyCulture Quality Engineering Meetup

I had the great opportunity to speak at SafetyCulture’s inaugural quality engineering Meetup. I was the first speaker of three with the other speakers being Georgia De Pont who heads up quality at Dovetail Studios and Roger Chapman, who is a distinguished...

Building an Engineering Security Culture

https://www.cloudsecuritypodcast.tv/videos/building-an-engineering-security-culture I had the pleasure of being on Ashish Rajan’s Cloud Security Podcast to talk about Building an Engineering Security Culture. We discussed about the following topics: What is...
Your Website Might have an Unknown OSCP Dependency

Your Website Might have an Unknown OSCP Dependency

A few weeks ago, a friend who looks after a web server had an outage on their website and asked me to help troubleshoot. The cause of the outage surprised me and is the reason why I’m writing about it. The website outage was due to a dependency it had on the server of...

My Thoughts on FAIR

photo taken from yorkfair.org I recently completed the FAIR analysis fundamentals course and here are my thoughts on it. FAIR stands for Factor Analysis of Information Risk, and is the only international standard quantitative model for information security and...
Rapid Risk Assessments

Rapid Risk Assessments

That was the main take away for me from today’s talks by SANS instructor Eric Johnson. He was in the country running a workshop and talk at AISA conference in Melbourne and SANS contacted me if I was interested in having him doing a private talk to the team. I was...
Gamified Learning – Application Security

Gamified Learning – Application Security

Today we had a combined application security event with another tech company.It was the first time we ran the combined event and it involved security champions from both companies. We had planned on spending the morning reviewing 4 security concepts; XSS, CSRF, RCE...