How to hack your security culture
This post was written by Chris Romeo during his tenure at Security Journey.
Changing security culture appears straightforward at first glance: You tell people to do things differently than before,...
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
Developer-Tailored Secure Code Training: A New Approach from Security Journey
Security training for developers has traditionally been a one-size-fits-all experience—generic, compliance-driven, and...
New Content for Your Most Pressing & Emerging Vulnerabilities: AI/LLM & CWE Top 25
At Security Journey, we continuously evolve our training content to help organizations stay ahead of the most pressing...
How do you start in cybersecurity?
Here are five things that have impacted me in my career, and helped me to grow both as a security person and a human being.
Secure Development Lifecycle: The essential guide to safe software pipelines
This post was written by Chris Romeo during his tenure at Security Journey.
Customers demand secure products out of the box, so security should be a top priority that should be top of mind for...
How developers can take the lead on security
This post was written by Chris Romeo during his tenure at Security Journey.
On the Internet, detection and reporting of vulnerabilities in software is a daily occurrence. Where do those...
How to put the S (for security) into your IoT development
This post was written by Chris Romeo during his tenure at Security Journey.
A joke about the Internet of Things has been shared around Twitter over the past few months; I saw it attributed to a guy...
Why OWASP's Threat Dragon will change the game on threat modeling
This post was written by Chris Romeo during his tenure at Security Journey.
Threat modeling has always been a dream of mine. Not that I sit around and dream of threat modeling all day, but I dream...
The 3 most crucial security behaviors in DevSecOps
This post was written by Chris Romeo during his tenure at Security Journey.
What if I told you that you could change the security posture of your entire DevOps team without ever documenting a single...
A primer on secure DevOps: Why DevSecOps matters
This post was written by Chris Romeo during his tenure at Security Journey.
I’ve been in the world of security for 20-plus years, I have seen trends come and go, but I’ve never seen anything as...
4 ways to engage developers who couldn't care less about security
This post was written by Chris Romeo during his tenure at Security Journey.
You would think that there is not a single developer on earth who has avoided the impact of a data breach or security...
Information security needs community: 6 ways to build up your teams
This post was written by Chris Romeo during his tenure at Security Journey.
Every application security and SecOps organization needs to connect people under the banner of security. The security of...
Tech firms take different security approaches than others. That's good and bad
When people think about application security in a large organization, big tech companies like Adobe, Cisco, Microsoft, and HPE often come to mind. These companies appear to have cracked the code on...
6 application security lessons every team should study
This post was written by Chris Romeo during his tenure at Security Journey.
When you build a skyscraper, how important is the foundation? It's crucial. Built on a weak foundation, even the most...