Sharing Another Talk with the Community

Me, delivering this talk for the first time, on stage.

Three years ago I decided that I would share most of my talk content with my community (everything that I am not currently applying to conferences with). At the time, I only shared one, because…. I ran out of time. Now it’s time to share the second talk, “Security is Everybody’s Job!” By “share” I mean give my express permission for anyone, anywhere, to present content that I have written, with no need to pay anything or ask for my consent. You can even charge money to give the talk! Please, just teach people about security.

In efforts to ensure anyone who presents my material has a good experience I made a GitHub repo with an instructional video of what to say, a readme file with written instructions and links so you can watch me do the talk myself.

Me, delivering this talk for the first time, on stage.
Me, delivering this talk for the first time, on stage, at DevOpsDays Zurich, in in beautiful Switzerland.

I’ve had a few people ask me why I would do this, and there are a few reasons.
* To spread the word about how to secure software; it’s important to me to try to make the internet and other technologies safe to use.
* To help new speakers (especially from underrepresented groups). If they have something they can present, with instructions they can follow, hopefully it will help make them more confident and skilled at presenting.
* To share knowledge with my community in general: sharing is caring, yo.
* The more people who present my talk the more people who may decide to follow me. SO MUCH WIN!

You can give this talk at any IT meetup, especially DevOps, InfoSec or any software development meetup.

Please go forth and teach AppSec! And if you have feedback I want to hear it!

For content like this and more, check out my book, Alice and Bob Learn Application Security and my online community, We Hack Purple!

Why I Joined the NeuraLegion Advisory Board

I joined the NeuraLegion Advisory Board because they’re really fun to work with. Gosh, that would make for a short blog post, wouldn’t it?

When I started my quickly failed startup in 2019, Security Sidekick, Bar Hofesh reached out to me to see if he and Gadi Bashvitz could help. I was pleasantly surprised to have several people in my industry reach out to me, and even other small companies reaching out to see how they could help me with my startup. InfoSec is full of kind and generous people, let me tell you.

When I left Microsoft, I had committed to several speaking engagements before I decided to leave, including the 2020 RSA conference, and rather than be in breach of contract with several conferences and potentially ruin my reputation, I completed all of the obligations that I had made while I worked there. But there was a catch: I had to pay for all my travel myself. Bar and Gadi knew this, so they offered me a free place to stay (in San Francisco!!!!!) which I really appreciated. It didn’t work out in the end, but we met up in person for the first time for some Starbucks, and it was awesome.

You know that feeling when you meet someone, and you like them immediately? Bar and I talked nerdy, and Gadi tolerated us. We continued to stay in touch.

Fast forward a few more months and the NeuraLegion tool NexDast was fully developed, and I had started We Hack Purple. We decided we wanted to find an excuse to work together, because we got along so well, and we all feel really passionately about security and changing our industry for the better.

That’s us!

We decided that we would plan a workshop together; I would teach a bunch of cool DevSecOps stuff, we would use Broken Crystals (more on this in another blog post), and demo their product. We made a GitHub action together, we made a workshop together, and of course we found lots of bugs together. It was super, duper fun and a smashing success!

Then Christmas and Hanukkah came, and Gadi called me up. He asked me if I wanted to join their Advisory Board, so we no longer had to make excuses to work together. What could I say? I said yes.

We have so many ideas of fun and awesome things we are going to work on together, to make their product even better, and to give back to the community. In addition to being great people, we also share a commitment to shifting security left and making sure application security is liberated and automated as part of the SDLC, and put in the hands of developers, not just AppSec people.

I’m honored to be on their Advisory Board, and I feel lucky to have the chance to work with such a talented and fun team.

For content like this and more, check out my book, Alice and Bob Learn Application Security and my online community, We Hack Purple!