Security Highlights: My Last 9 Months in Review

It’s been a long time since I last wrote on my personal blog, but I’ve been busy creating tons of content! I figured it’s time to share everything I’ve been working on over the past nine months—events, projects, and all. Hope you find it helpful! 😃

Content I have created or released in the past 9 months:

• Alice and Bob Learn Secure Coding (a textbook)
• AppSec Antics Card Game (not get available to the public)
• Security Headers course in Semgrep Academy
• Incident Response for Dev’s course in Semgrep Academy
• Episode 260 of The Security Ledger Podcast: The Art of Teaching Secure Coding with Tanya Janca
• ‘no dogma podcast‘ 
• The OWASP Podcast 
• Taylor Armerding interview- my 2025 predictions… Read it 
• My talk with SCOTT HELME from #RSAC  Watch this!
• ‘Top 5 security mistakes software developers make‘ (I was interviewed)
• No Password Required Podcast,  
• Cyber Pulse Podcast 
• I interviewed Jeevan Singh 
• Breaking Badness Podcast 
• The Modern .NET Show 
• Getting into Cybersecurity Podcast 
• What if you don’t know the answer? Dealing with imposter syndrome (video)  
• Chapter 5 of Alice and Bob Learn Secure Coding (video) 
• Going beyond ‘shift left’: Why shared responsibility is key to risk management
• PenTest (no, no, no) music video
• Cyber Pulse Podcast:Episode 003: Application Security with Tanya Janca of Semgrep
• Talk Python to Me (video, available on all podcasts platforms in audio)
• Shift Left Doesn’t Mean Anything Anymore, 
• Using Artificial Intelligence, Safely
• Shared Security Podcast! 
• My talk at B-Sides Ottawa, Maturing Your AppSec Program
• The Changing Face of Election Security – Webinar/Podcast 
• Crying Out Cloud podcast 
• AskMeAnythingAppSec: How do you tune a SAST to avoid false negatives?
• AskMeAnythingAppSec: How do you incorporate code review onto a developer’s ‘business as usual ‘?
• Maturing Your AppSec Program (my talk at Def Con – AppSec Village) 
• AskMeAnythingAppSec: How does AI affect cyber security?
• AskMeAnythingAppSec: Minimal Viable Security?
• AskMeAnythingAppSec: How do you address zero days in 3rd party software components?
• AskMeAnythingAppSec: What tools do I want to see in the SDLC?
• AskMeAnythingAppSec: What should the ratio be between software developers and security
• AskMeAnythingAppSec: Extremely demanding certifications a job requirement, you are excluding many types of people.
• AskMeAnythingAppSec: How can security teams get regular feedback from software developers?
• StackOverflow podcast! 
• The Application Security Podcast!
• Episode 260 of The Security Ledger Podcast: The Art of Teaching Secure Coding with Tanya Janca
• Breaking Badness podcast  
• Enterprise Security Weekly! 
• Security Detail Podcast! 
• The Rules, with Kyle Kelly 
• Webinar: Collaborating with Development Teams: How to Successfully Implement and Enforce Secure Guardrails
• Breaking Badness Podcast! 
• Application Security Podcast

Public Events I was part of:

• August 7th, AppSec Antics Card Game Launch, Live in Vegas! 
• August 8th, Black Hat Community Panel 
• August 8th, SquadCon with Black Girls Hack! 
• August 15th – The Rules with Kurt Boberg and Tanya Janca
• August 20th, a panel “Best Practices and Innovations in Software Supply Chain Security“
• Sept 16th, The Rules, with myself and Brandon Wu! 
• September 19th 9:00 am PST, A Perfect Partnership: Secure Coding and Threat Modeling 
• September 19th 2:00 pm PST, Automating Secure Guardrails: Leveraging SAST and Other Tools for Effective Implementation, 
• September 20th: B-sides Vancouver Island, 
• Sept 23 & 24,  B-Sides Edmonton, 
• Sept 26 & 27 OWASP Global AppSec in San Francisco
• Sept 26th, Mentoring Event at OWASP Global AppSec 
• October 11, The Rules with Kurt Boberg, 
• October 24-25 2024, Austin, Texas, USA, Lascon, 
• Oct 30 and 31st: Free Secure Coding Training from Semgrep Community! 
• November 7, 2024,  The Elephant in AppSec Conference
• November 20, OWASP Ottawa
• November 21, AI Native Summit
• November 22, B-Sides Mombasa
• November 21-22, B-Sides Ottawa
• Dec 12th, the AI Summit New York
• January 15, OWASP London
• January 20-23, 2025 NDC Security in Oslo, Norway
• Feb 5-7, Wild West Hackin’ Fest @ Mile High 2025, online 
• Feb 11-14, DeveloperWeek, Security Summit, Santa Clara, CA,
• February 27th, Women Impact Tech
• Feb 27th, APISEC|CON
• March 14th, Snowfroc OWASP conference, in Denver, Colorado, USA

Thank you for reading my blog, and sorry it’s been a while since I have published anything. As you can see, I was definitely busy! I hope to be better in the future when it comes to my blog!