Hello! I will be all over the place in San Francisco from Saturday June 4th to Thursday June 9, and I’d love to meet any of you that are going to be there. My schedule is pretty hectic, but I’m sharing it in hopes some of you can join me at one or more of the events. Thank you to BRIGHT SECURITYfor sponsoring & supporting every bit of this trip.
Saturday June 4th, the Bright team will be at B-Sides all day! They have a booth and if I arrive in time I will be there in the late afternoon (4:00-5:30). Sometimes flights are late, so this one is non-certain.
Sunday June 5th I will be hanging out with the Bright teamall day long! 8 am to 5 pm. Please come join me!
Sunday June 5, 6:00 – 8:00 pm, We Hack Purple is having a meetup at Share Bubble Tea, 135 4th St, San Francisco, CA 94103, United States. We will likely be milling around outside and inside. Bubble Tea is a tasty Asian dessert, and it’s about $6, so this meetup shouldn’t cost you much at all to join. You don’t even need to buy anything if you don’t want. Everyone is welcome to come hang out! RVSP within the WHP community to let us know you’ll be there.
Monday June 6, 8:30 am, my talk at RSA! Check the conference schedule for the room!
Monday June 6, 9:40 am, Birds of a Feather event at RSA: Transforming Security Champions – Check the schedule for room #
I will also be attending several meetups this day, but you need to get your invite to attend (I cannot get you an invite, sorry!): Microsoft Party, Forte Group, IANs Faculty Party, and RSA Speakers Event
Tuesday Jun 7, 12:40 pm, RSA Panel, Spreading Application Security Ownership Across the Entire Organization – Check RSA conference schedule for room number
Tuesday June 7, 1:30 pm to 2:00 Book Signing at RSA Library, bring a copy of Alice and Bob and I shall sign it for you! South Hall, Mezzanine Level Lobby.
Thursday June 10, 12:30 pm – Last book signing with free copies of Alice and Bob Learn with Cloud Defense! Please come see us in the Moscone center at their booth!
Lastly, if you want to talk to an expert from Bright, you can book them directly, here. Ask them all of your questions about dynamic security testing, security unit testing, and more! Seriously, they would love to meet you!
Yes, you read that right! My friends at Bright bought my company, We Hack Purple! Bright makes a DAST (dynamic application security testing tool), and I have been on their advisory board for some time, so we know each other well and have been working together for years. They also just released a brand new tool for the Lucky Framework (crystal programming language), which creates security-focused unit tests, automagically! Trust me, it’s very cool, and there’s more on the way!
As part of this deal, starting immediately, all of the courses from the We Hack Purple Academy will be available in the We Hack Purple Community, for FREE. Yes, you heard that right. Secure coding for everyone!
So what comes next? I plan to work with Bright for the next couple years, creating more content, running the We Hack Purple Community, speaking at conferences and helping to improve the Bright products until they are absolutely spectacular. I will also start on writing my next book, Alice and Bob Learn Secure Coding.
I started coding at 17 years old, and it was love at first sight.
I got great marks in all of my classes in high school, but loved computer science because in every class, I could “make something out of nothing.” Computer science runs deep in my family as almost all of my aunts and uncles are computer scientists, and my cousins are engineers, scientists and programmers. When I announced that I wanted to go to college for computer science my family responded with “what else would you take?” It wasn’t until years after working in tech that I realized that this is not an experience that most young women share.
I landed my first job in tech at age 18, and haven’t stopped since, despite several career setbacks, harassment and toxic work environments. I realize this might not seem very encouraging, but I have to tell you; things in tech have really improved. I’ve had the fortune of work experience in a variety of different situations both in computer science and in my other passion, music. Both careers taught me the value of collaborating with others, confronting differences, and taking constructive criticism well. It’s also given me the benefit of becoming more resilient when it comes to unpleasant situations or less-than-constructive comments made in the workplace.
For many years, I was a programmer by day and a musician at night. My successful music career allowed me to play in countless venues and bars around town, and it taught me many lessons that have since turned out to be very helpful in tech, such as how to handle hecklers, how to capture the attention of a drunk and belligerent crowd, and what the best way to throw someone off a stage is. As you can imagine, there were challenges to being a young 20-something woman in a hardcore punk band.
Later in my career I met an ethical hacker who was also in a band and we became friends. He spent the next 1.5 years convincing me to join him as his apprentice and learn how to hack. I became fascinated with the security of software, I wanted to know everything. I joined my local OWASP chapter and almost immediately became a chapter leader, which helped me greatly since I had the chance to invite experts on topics that I was interested in to come speak for us. I also met my next 3 professional mentors though OWASP, who taught me even more. OWASP is an incredibly supportive and amazing community, I strongly recommend that everyone joins their local chapter.
At this point in my career I felt like I had a thirst for knowledge that could not be quenched. Although I managed to switch over from software development to a full time security job, I was frustrated that there was no budget for me to go on the types of advanced training that I was interested in. Then one of my professional mentors convinced me to speak at a conference, and they let me in FOR FREE.
For the next 2 years, I spoke at meetups and local events, taught myself as much as I could, and worked in application security helping developers make more secure apps. I loved it, but I kept striving for more. I wanted to do more modern types of application security, and I realized that the organizations I worked for were not very modern, and resistant to change. I found that my drive and ambition was difficult for certain managers, and it became a point of friction for me in the workplace.
Then I broke through from meetups into speaking at conferences. I honestly couldn’t believe it when I received the email saying that I had been accepted to speak at AppSec EU, the international OWASP conference. I discovered that all of my musical stage performance skills transferred over and with all of my practice at meetups that I had become good at public speaking. After AppSec EU, I had invitations to speak all over the world. As conferences started sending me plane tickets, I took time off work and went off to learn for free. I realized that a career shift was necessary. I knew that I had something to offer to the right employer, but I wasn’t quite sure what that would be… Then Microsoft reached out to me.
A Microsoft representative said that he had heard about me, and wanted to interview me for a “Developer Advocate” position. I had no idea at that point that “developer relations” was a job, and when he described what the job would be I said “I already do that, for free.” It took him about 20 minutes to convince me that he was not kidding, this was a real job, and he was actually from Microsoft. Before I knew it, I was traveling the planet, learning about cloud security, working with absolutely brilliant people and so much more. All the while I was *getting paid* to do it! Talk about a dream!
During my many years traveling and talking to the community, I learned a lot about my industry, both good and bad. I learned that software developers had a lot of aches and pains in regards to security that I had also felt when I was a developer, and especially during my work in incident response and AppSec. My goal in being a developer and cloud advocate was to help push the industry forward, and to help people create more secure software, everywhere. During this time I founded the #CyberMentoringMonday online initiative and the WoSEC (Women of Security) organization, released countless articles, videos and podcasts, and spoke regularly at security events. Although I definitely felt I was helping many people in my industry, I felt like I could do even more. I also felt the constant travel was extremely exciting, but also exhausting and perhaps not the most efficient way to help the most people. I wanted to figure out how to make a bigger difference, and ’scale’ myself in a more effective manner.
With that in mind, I started to devise a plan; focus my efforts in a more concise way in order to deliver more impact. Do fewer things, but do those things in a very big way. I decided to choose two big goals; to write a book and start my own company. And I decided I would just go for it, even if it was scary.
I realized at this point that I was going to have to leave Microsoft to pursue my new career goals. I decided to start my own online training academy, We Hack Purple. We have a podcast, community and courses, it’s a dream come true!
If I can offer advice to you it is this: if you want it, go get it. Don’t let anyone tell you that you can’t reach greatness; you can, you just need to be prepared to work like you’ve never worked before. The Information Security industry needs all the help it can get, and we definitely need you. Yes you, the person reading this right now. Please join us, and help us make the world a better and more secure place.
All of the streams are free, and I would love to have you join us live! If you can’t make it live, you can watch them after on my YouTube Channel, or download them via a podcast app by looking for the podcast “Alice and Bob Learn” (which will be launched right after the first stream).
Ideally, you will read the chapter before the corresponding live discussion, but if you don’t, that’s okay. You will still learn, and you are definitely will welcome to attend. 😀