The earlier you start, the more effective you’re going to be, for two main reasons. One is that people won’t even have a chance to form bad habits if security was always in place, and the second is that it’s more expensive to change architecture design and refactor a finished product. https://www.youtube.com/watch?v=X-ycICDBdg0
Author: Dawid Balut
Reading is an art and this is how I’ve learnt it
Everyone thinks they know how to read books. And I was no different, for years wasting the potential of tens of books I’d read only because I didn’t know how to extract the value from them. No one ever showed me how to do it, until I spent hundreds of hours myself reading hundreds of …
88 Books That Transformed My Life And Career
Some time ago, a couple of colleagues asked me if I could recommend a couple of good books. There have been quite a few books which have helped me change my life, so I created for them a solid list of books that made a positive impact on my life. They liked some of them and …
I want to be a hacker: But where do I start?
Together with Ricki Burke, we’ve written a good piece of advice for aspiring hackers and wannabe InfoSec professionals trying to break into the security industry. I hope this helps new generations of security fellows; these are the things I really wish I had heard when I was starting out in the field. Please find our article on …
Learn how to run productive security meetings
In my experience, engineers are sometimes scared — for real — to join a meeting with a security team. Lots of engineers I’ve met have had bad, or at least poor, experiences in the past with security folks who either shouted over them or blocked all initiatives, defaulting to NO each time someone asked a question. To build …
Do the work behind the scenes and don’t be a workflow bottleneck
InfoSec as an enabler: Of one thing I’m certainly sure — there is no place for a NO person in a security department. A long time ago I stopped counting how much time and effort I had to put in to convince my coworkers that not all security people are rude bots whining about insecurities of everything and trying to …
Make security personal and never play the shame game | ESM part 8
Make it all about them: Professionals want to constantly expand their horizons and develop their careers. Luckily for InfoSec folks, security is one of the things people want to learn about, as they’re being bombarded with it from everywhere, including TV news. If you frame it right by making the subject exciting and help them …
Internal security trainings and awareness awards | ESM part 7
Conduct recurring security trainings: Videos and online presentations are good, but nothing can really replace quality in-person meetups. Show as many demos as possible and don’t stick to overloaded PowerPoint presentations which put people to sleep. It’s fine to share raw technical details as recap material, but while starting out you must make people …
Embrace DevSecOps | ESM part 6
The concept of purple teaming is something I fell in love with many years ago when I was experimenting with various ways to make myself more effective. Everything changed — in a good way — when I started embracing a culture of collaboration where attackers and defenders work together to create the best possible way of securing the products. We’re out …
Make security simple | ESM part 5
Simplify it for them: Security is often perceived as complex and cumbersome, which makes engineers unwilling to work on it. In order to get things done you need to simplify and carefully explain your requirements. Strive to make it easier to build secure products, because the cheaper it is to add security, the more likely it’ll get …
