DevOps security culture: 12 fails your team can learn from

Will DevOps and DevSecOps still be relevant in 50 years? Today's DevOps technology will be long gone, but some cultural pieces may still be around. My best guess on the part of DevOps that will still exist: DevOps security culture.


What I Learned in Year One of MY "Security Journey"

It has been almost a year since I left my cushy job at Cisco Systems and embarked on my own "Security Journey" as CEO of my own company. I'm writing this down as much for myself as for anyone who might read it. I'm writing this to remind myself what I've learned in the last year, and to chronicle some of the challenges of launching Security Journey.


The day I met John Chambers.... and quit

The day was November 5, 2015, and the place San Jose, California. I was hosting the Cisco SecCon 2015. SecCon is the yearly Cisco internal security conference where the power players gather together. I've directed a team of volunteers that deliver the conference for the past two years. Our keynote speaker for the day was John Chambers, Executive Chairman of Cisco Systems, and Chief Executive Officer for 20+ years.


Three ways to empower remote threat modeling

This post is a result of a conversation on the Application Security Podcast. Adam Shostack joined Robert and me, and the topic was remote threat modeling. We're all living in this new world where we're working from home. The question we pose is, how will we make progress on rolling out threat modeling when we can't meet with people face to face and work directly on a whiteboard?


Threat modeling: better caught than taught

Everyone wants their engineering staff to be better at threat modeling. Security teams desire a world where developers practice a threat modeling mindset. A threat modeling mindset is where threat modeling is no longer a process or a tool but is instead a way of life. When developers embrace this mindset, they see threats jump off the page in both diagrams and code. They hear peers discussing a potential solution, and they can articulate the security challenges that such an approach will cause.


Security coaches

NOTE: This article is written based on a conversation on the Application Security Podcast with Matt McGrath, called “Security Coaches.” Most developers will say security is a concern, but not always the first concern. Developers get hit by the business to deliver user stories quickly and in a state of completeness.


Top Ten Application Security Podcast Episodes of 2019

These are the top ten, most listened to episodes of the Application Security Podcast for calendar year 2019.
