analysis

Recently, work hosted an event designed to bring my team closer together. Using the Surepeople PRISM, we spent the morning discussing our dominant psychological traits and how we can use them to better interact as a team. I thought the exercise was brilliant, and it led me to seek out other tools to broaden my self awareness. The first such tool I uncovered was the Johari Window. Johari Window My ultimate self awareness goal is to shrink the “Blind Spot” window as much as possible....

Since my last post, I’ve left my position with the consultancy. I’m now working for a medium-sized corporation in a senior application security role. One of my many tasks is to contribute to the development of an Application Security program. This post will serve as my thoughts on setting up an AppSec Program. Measuring current performance The Building Security In Maturity Model (BSIMM) is a study of existing software security initiatives used by 95 companies of varying size across six verticals....

This post was inspired by a client who came to me and said “I do not understand all of these findings, can you explain them to me?”, referring to my web application penetration test deliverable. We spoke for an hour, as I described the findings to him. I corrected him when his understanding was shaky, and I confirmed where his understanding was solid. He had a development background, and was studying for a security certification, but he was managing a large security project for a well-known company and I was surprised to learn he was a security newbie....