Information Security

Post: Bringing Sanity to BlackHat Week – A Survival Guide for First-Timers

Ahhhhh. BlackHat Eve. That week before Black Hat where overworked security folks all over the world attempt to clear out their email inboxes prior to jetting out to Las Vegas for a week in enclosed conference centers with thousands of other like-minded security nerds. But when we talk about Black Hat as a singular event […]

Post: 2016 Post Gartner Recap

                     Now that the dust has settled on the annual 2016 Gartner Security and Privacy Symposium, we can look back through a clean lens and identify themes that bubbled to the surface of the different sessions. Although a critical mass of security leaders were in attendance, […]

Post: Cybersecurity: It’s All About the Coders (Thoughts on My TEDx Talk)

I recently gave a presentation at the TEDx San Antonio conference on March 5th, 2016 held at Rackspace Global Headquarters. This was a tremendous experience and I got to meet and share ideas with a bunch of great folks. Here’s a video of the talk: And here’s an interview I did with Jennifer Navarrete afterward […]

Post: In Response to: Defense in Silicon Valley, IHS Janes

I recently had the opportunity to speak with Zachary Fryer-Biggs of IHS Jane’s at RSA 2016 on the DoD’s expansion into Silicon Valley and its attempt to tap new innovative technology solutions. Zachary’s recent article titled “Defense in Silicon Valley” takes a look at the cultural change the DoD is attempting to adopt and its […]

Post: Having Trouble Starting Your Application Security Program? Beat Up Your Vendors!

Starting an application security program can be very challenging. If you don’t know how to get started – or if you can’t seem to get any traction getting your organization to change its ways – consider changing your focus and instead beat up on your vendors. Why Is Application Security Hard? Creating an internal application […]

Post: Austin ISSA Slides: Structuring and Scaling an Application Security Program

The slides from my talk at Austin ISSA yesterday are online here: Structuring and Scaling an Application Security Program from Denim Group The title of the talk was: Structuring and Scaling an Application Security Program And the abstract  was: Most organizations understand that the software they develop and deploy exposes them to risk from attackers. […]