Archiv pro štítek: OWASP

Anticipating Failure through Threat Modeling w/ Adam Shostack

What am I working on? What can go wrong? What am I going to do about it? Did I do a good job? These are the four questions at the heart of threat modeling In this episode, I speak with Adam Shostack, author of Threat Modeling: Designing for Security. We talk through how to begin threat modeling and the expectations of using modeling. Adam walks through the history of threat modeling, including his creation of the Elevation of Privilege game.

Anticipating Failure through Threat Modeling w/ Adam Shostack

What am I working on? What can go wrong? What am I going to do about it? Did I do a good job? These are the four questions at the heart of threat modeling In this episode, I speak with Adam Shostack, author of Threat Modeling: Designing for Security. We talk through how to begin threat modeling and the expectations of using modeling. Adam walks through the history of threat modeling, including his creation of the Elevation of Privilege game.

We Are All Special Snowflakes with Chris Roberts

This is the sixth episode in an eight part series, talking with the authors of "Epic Failures in DevSecOps". In this segment, I speak with Chris Roberts about his chapter, "We are all special snowflakes", diving into topics as diverse as the failure of the security industry to protect us from ourselves and what is considered "acceptable" monitoring when it comes to the government, and to social sites. You can download a free copy of Epic Failures at DevSecOpsDays.com

We Are All Special Snowflakes with Chris Roberts

This is the sixth episode in an eight part series, talking with the authors of "Epic Failures in DevSecOps". In this segment, I speak with Chris Roberts about his chapter, "We are all special snowflakes", diving into topics as diverse as the failure of the security industry to protect us from ourselves and what is considered "acceptable" monitoring when it comes to the government, and to social sites. You can download a free copy of Epic Failures at DevSecOpsDays.com

A Concise Introduction to DevSecOps

The inclusion of security as an integral piece of the DevOps puzzle continues to gain traction. In this episode of the DevSecOps Days Podcast Series, I speak with Curtis Yanko and Scott McCarty about their new book, "A Concise Introduction to DevSecOps". We discuss why they wrote the book, who the audience is that will benefit from it and why enterprises should be considering security as part of the software development environment.

A Concise Introduction to DevSecOps

The inclusion of security as an integral piece of the DevOps puzzle continues to gain traction. In this episode of the DevSecOps Days Podcast Series, I speak with Curtis Yanko and Scott McCarty about their new book, "A Concise Introduction to DevSecOps". We discuss why they wrote the book, who the audience is that will benefit from it and why enterprises should be considering security as part of the software development environment.

What’s In Store for the AppSec Cali Conference w/ Richard Greenberg

As if there aren't enough reasons to go to Southern California in the middle of a New York winter, AppSec Cali opens it's doors for its 6th Annual OWASP conference on January 22, 2019. In this broadcast, I speak with Richard Greenberg, one of the core organizers of the conference, talking about why people come, what they can expect to see and why he continues to help produce the conference year after year. For a transcript of this broadcast, go to DevSecOpsDays.com and click on "Podcasts".

What’s In Store for the AppSec Cali Conference w/ Richard Greenberg

As if there aren't enough reasons to go to Southern California in the middle of a New York winter, AppSec Cali opens it's doors for its 6th Annual OWASP conference on January 22, 2019. In this broadcast, I speak with Richard Greenberg, one of the core organizers of the conference, talking about why people come, what they can expect to see and why he continues to help produce the conference year after year. For a transcript of this broadcast, go to DevSecOpsDays.com and click on "Podcasts".

Epic Failures in DevSecOps w/ Aubrey Stearn

Aubrey Stearn is the Technical Lead for the Enterprise Cloud Platform at Nationwide. In the broadcast we talk with Aubrey about her chapter, "", in the recently released "Epic Failures in DevSecOps" book. Aubrey talks about her extensive experience guiding and molding teams, leading the way through the maze of decisions needed in order to build a more productive and efficient engineering culture. We start off the discussion with "Why is our biggest problem DevOps, itself?"

Epic Failures in DevSecOps w/ Aubrey Stearn

Aubrey Stearn is the Technical Lead for the Enterprise Cloud Platform at Nationwide. In the broadcast we talk with Aubrey about her chapter, "The Tale of the Burning Programme", in the recently released "Epic Failures in DevSecOps" book. Aubrey talks about her extensive experience guiding and molding teams, leading the way through the maze of decisions needed in order to build a more productive and efficient engineering culture. We start off the discussion with "Why is our biggest problem DevOps, itself?"