Information Security

Post: Cybersecurity: It’s All About the Coders (Thoughts on My TEDx Talk)

I recently gave a presentation at the TEDx San Antonio conference on March 5th, 2016, held at Rackspace Global Headquarters. This was a tremendous experience and I got to meet and share ideas with a bunch of great folks. Here’s a video of the talk: And here’s an interview I did with Jennifer Navarrete afterward […]

Post: In Response to: Defense in Silicon Valley, IHS Janes

I recently had the opportunity to speak with Zachary Fryer-Biggs of IHS Jane’s at RSA 2016 on the DoD’s expansion into Silicon Valley and its attempt to tap new innovative technology solutions. Zachary’s recent article titled “Defense in Silicon Valley” takes a look at the cultural change the DoD is attempting to adopt and its […]

Post: Having Trouble Starting Your Application Security Program? Beat Up Your Vendors!

Starting an application security program can be very challenging. If you don’t know how to get started – or if you can’t seem to get any traction getting your organization to change its ways – consider changing your focus and instead beat up on your vendors. Why Is Application Security Hard? Creating an internal application […]

Post: Austin ISSA Slides: Structuring and Scaling an Application Security Program

The slides from my talk at Austin ISSA yesterday are online here: Structuring and Scaling an Application Security Program from Denim Group. The title of the talk was: Structuring and Scaling an Application Security Program. And the abstract was: Most organizations understand that the software they develop and deploy exposes them to risk from attackers. […]

Post: Hacker Or Military? Best Of Both In Cyber Security

How radically different approaches play out across the security industry. Three things happened to me before BlackHat 2014 to bring the entire NSA / Edward Snowden drama back to the forefront. The media reminded us of the one-year anniversary of the original Snowden leaks. At the same time, I saw newly retired General Keith Alexander deliver a […]

Post: Mobile Application Security – Don’t Cheat Yourself

I recently did a webinar on mobile application security where we looked at some statistics pulled from a subset of our mobile security assessments to look at a couple of important issues: Where do the most serious vulnerabilities exist in mobile applications (mobile code, enterprise web services, or 3rd party web services)? What types of […]