Steps you can take today to improve your security posture — I’ve long said that security is inversely proportional to convenience. While I still believe that to be true, there are plenty of simple things you can do right now that will help to improve the overall security of your company without sacrificing productivity. …

That doesn’t mean they aren’t useful — I’ve written before about why I think security culture is important. In that article, I mentioned that some of my clients are surprised that I don’t audit their product code. Here are three reasons why: Attackers think bigger Potential flaws in your product software aren’t the only opportunity for threat actors…

A healthy security culture is one where everyone along for the ride will habitually put on their seatbelt — Are you the type of person who always wears their seatbelt, I hope? If so, you will probably feel uncomfortable without it. The reason you get that feeling is because you’ve spent most of your life building safe habits which makes it weirder to not do it. Building a culture…

Updating session tokens on a high-traffic web service like we have at Optimizely presents several engineering challenges. With the current state of technology, the customer reasonably expects our service to be always-on, so taking it offline for “scheduled maintenance” is no longer an acceptable option. …