home.social

#prodsec — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #prodsec, aggregated by home.social.

  1. Had a #ThreatModel session with two engineering teams today. A real extensive one, where preparation included a full review of what's already there. A tech stack we haven't touched on at this company yet. A model where I could really build on my past experience, and still felt I worked for way too long. And yet, it paid off. Had an insightful conversation with folks, we all learned from each other, and we paved the way for future small, lean modeling sessions. Huge win! 🎉 #AppSec #ProdSec

  2. Joined some very interesting sessions at #SoCraTes2025 today and gave two myself. "Building Secure Enough Products - Bumps & Boosters" led to an impactful experience exchange of what holds us back & what helps us move in good directions. 💡And to build on the streak started in the last years at #SoCraTes: "Capture the Flag Together" to practice #security testing hands-on in a collaborative way. 🙌🏻 Thanks to all the amazing folks who joined and made it a great learning experience! 😃 #AppSec #ProdSec

  3. It's that time of the year: Global Accessibility Awareness Day. Have you ever felt that you don't need accessibility features or any accommodations? We need to increase awareness on what these actually mean and why they make everyone's lives better!

    Let's take an example. Are you wearing any visual aids like glasses or contact lenses? How about a temporary eyepatch after a surgery? Or maybe sunglasses to protect your eyes and help your sight when circumstances are not ideal? What about using reduced blue light and dark mode when you're struggling with headaches?

    All of these are accommodations to meet accessibility needs. No matter if continuous, temporary or situational. There are tons more for you to go and find out about!

    Let's stay curious for each other's needs, and that includes our own needs as well.

    accessibility.day/

    #GlobalAccessibilityAwarenessDay #accessibility #a11y #inclusion #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProdSec #OTsecurity [lisi]

  4. We start our afternoon talks with Don McKeown talking about maturing the #securedevelopment lifecycle, Gautam Peri showing us the art of #authbypass and Chris Smith discussing #securityatspeed with Discord's #prodsec program. Check out all of this at OWASP BASC 2024.

    #owasp #owaspboston #basconf #basconf24 #appsec

  7. Listen to Chris Smith talk about Discord's #prodsec program and how they managed #securityatspeed. This and many more exciting talks! Register at www.basconf.org

    #owasp #owaspboston #appsec #basconf #basconf24

  8. The Loco Moco Security Conference (LocoMocoSec) #cfp is open until March 21st. The event takes place July 17th and 18th in Līhuʻe on Kauaʻi, Hawaiʻi sessionize.com/loco-moco-secur #appsec #prodsec #cloudsec

  9. Into product #Security and looking for new opportunities? Look no further! #LifeAtRedHat
    ---
    RT @RedHatSecurity
    We're hiring! Looking for something to do this weekend? Check out @RedHat #prodsec #security jobs. red.ht/prodsecjobs
    twitter.com/RedHatSecurity/sta

  10. @SheHacksPurple @wilander @manicode I deliver training through @manicode as well as through my employer but I also see a variety of environments through consulting.

    I think that the scope of potential #AppSec/ #ProdSec risks is so large now that it is hard for anyone to get a real handle on it.

    Secure coding is one small part of it which I think training helps with a lot but consider the fact that there is no one place where you can find secure coding guidance for a variety of languages other than maybe a @owasp cheatsheets.

    However, I think there are a bunch of more organizational level concerns related to how organizations normalize and get buy-in for software security activities and keep these processes going long-term without everyone hating security.

    I also think that many of the loudest AppSec voices right now (in mainstream information security spaces) are vendors or breakers who have a specific perspective on things and are mostly talking about tools, automation and testing.

    I would argue that the focus on those topics distracts organizations from more fundamental issues of scaling the processes and activities which cannot be automated away such as training, developer engagement, threat modelling and vulnerability triage.

    I am not sure we will see significant improvement until these things are addressed at a strategic level within organizations...