Withstand Security @ App Sec Village
I am happy to announce that I have been selected to Keynote Day 2 at the AppSec Village @ DEFCON 32. I will be presenting:
Responsible disclosure is a sham.
I saw it again in my posts today, and this time I can take the gloves off, so here is a hot take that I’m sure no one will enjoy.
Protecting Your Business: The Vital Importance of Backups and the 3-2-1 Rule
In today's digital landscape, businesses rely heavily on data. Whether it's customer information, financial records, or intellectual property, data forms the backbone of operations across industries. However, this reliance on data comes with inherent risks.
Shielding Your Code: How Effective Unit Testing Enhances Application Security
Test-Driven Development (TDD) is a development methodology that prioritizes writing tests for code before the code itself, followed by writing the code to pass those tests. This approach not only ensures the functionality of the code but also presents an opportunity to address security concerns, particularly validation bugs, early in the development process.
Guidance for Developers to make it hard on attackers (DDoS)
In keeping with the CISA theme of the day, I thought that I would take some time to talk about DoS. For those out there who are new in the space, a denial of service attack (DoS) is the process of making many requests (often more than the server can handle) in an attempt to overwhelm the server. Generally speaking, this falls into the low effort, low payout corner of the cyber security space, and has been the favorite of many subclasses of threats on the internet (specifically the cyber activist). When a whole group of people (or services) do it, it is a 'Distributed' denial of service (DDoS).
Logging: The Unsung Hero in Developer Security - Here's Why and How
Believe me, there is nothing more fun than working with logging, but knowing what makes good logs can go a long way toward improving the security of your application.
Developer Security - Software Composition Analysis
In this post we talk about opening up the conversation of DevSec and what we can do from the developer side to think about security and the tooling that we utilize to build software.
Cyber security, Economics, and Ransomware
In the dynamic landscape of economics, it's humble to acknowledge that no one person holds all the answers. We each contribute a piece to the broader puzzle, offering unique perspectives and insights. While my expertise in economics may be limited, I aim to uncover overlooked truths that illuminate the current economic climate. Let's explore together and uncover the hidden gems that can shape our understanding of the economy and its intersection with cyber security today.