Fixing security bugs
This article covers some ways I’ve gotten security bugs fixed inside a company.
Nov 1, 2017

Equifax + 3rd party code != security
It appears the Equifax breach hinged on an unupdated Apache Struts vulnerability. Lots of security people are talking about lots of…
Sep 16, 2017

Some parts of being a great Engineer
Much ink has been spilled in defining, or refuting, the concept of the 10x engineer.
Jul 26, 2017

Feedback loops
I’ve worked in three big areas in my career: building software, securing software and leadership.
Jul 12, 2017

Outcomes > bugs
A reasonable mission for an application security team is to find and fix security bugs in a codebase. I held this view at one point and I…
Jun 28, 2017

Manager lingo for engineers
Published in HackerNoon.com
A while back I changed from an engineer to a manager.
May 25, 2017

Business risk for security engineers
There are these two young fish swimming along and they happen to meet an older fish swimming the other way who nods at them and says…
May 2, 2017

From the Ground Up: Building Product Security at Uber
Published in Uber Privacy & Security
Because software has inherent vulnerabilities, smart security teams build protections inside and outside their code to help prevent…
Jan 31, 2017

Product security primitives
Working in software security for a while I’ve recognized a few core ideas that have helped guide the efforts of a product security team. I…
Jan 27, 2017

Why product security is hard
Published in HackerNoon.com
When software security flaws can fetch over a million dollars it is useful to examine why building secure software is so difficult.
Jan 15, 2017