What it’s Like to Record an Audiobook

Tanya in a recording studio, smiling

https://www.youtube.com/shorts/wgrIy9Cz0qY

I recently flew to Ottawa to record the narration for my second book, Alice and Bob Learn Secure Coding, and it was a LOT of work! From September 1st to 7th, 2025, I recorded 6 hours a day at The Cave recording studio. Focusing on reading highly technical content (including tons of code),…

What is Threat Modeling?

Threat modeling is really just a fancy way of saying: “Let’s think about what could go wrong with our software in advance, so we can stop it before it happens.” When we build applications, most of us usually think about features, speed, and usability. Threat modeling adds another viewpoint: security. Instead of waiting for attackers…

Security Champion Worst Practices – My Slides from Barcelona

Tanya on stage

Thank you very much to everyone who came to my talk at OWASP Global AppSec in Barcelona! It was so lovely to have the chance to speak to so many of you, and to share our experiences around security champion programs — especially the ways they can go wrong, and how to avoid those situations.…

Trip Report: OWASP AppSec PNW

On June 15th & 16th, 2024, I was in beautiful Vancouver, Canada, with my colleagues Amanda McCarvill and Brandan Wu, to give a talk at the annual, local, moving conference that spans the Pacific North West, but it turned into so much more: OWASP AppSec PNW! The night before was the speaker's dinner, where I got…

Level Up Your AppSec Skills with Semgrep Academy!

Hey there, fellow security folks! I've got some absolutely incredible news to share with you today. Brace yourself, because I guarantee you'll be just as excited as I am. Drumroll, please... introducing Semgrep Academy! Are you ready to learn all things application security, secure coding, API security, static analysis, and maybe even some functional programming?…

Trip Report – ThreatModCon and OWASP Global AppSec 2023

Tanya at ThreatModCon

Oct 29th, 2023, was the very first edition of “ThreatModCon”, a conference dedicated entirely to threat modelling. On the 30th and 31st was “OWASP Global AppSec”, a conference by the OWASP Foundation, dedicated entirely to application security. On November 1st and 2nd, I helped Adam Shostack deliver his 2-day intensive threat modelling training. This…

Choosing API Security Tools

Quite often clients ask me “Which API Security Tool should I buy?”, and as you might have guessed I answer “It depends”, then proceed to ask them a dozen questions. Recently I asked a colleague at Semgrep if they felt this process might be of value to my readers, and Chinmay said “Absolutely!” and here we are with a new blog post.