TestDive 2018 Invitation – Integrating Security into Agile & DevOps Software Engineering Cultures

I'm proud to announce that I'll be giving a speech on DevSecOps at TestDive 2018, and will do my best to help organize this fantastic conference! Check out the official website http://www.testdive.pl/ and sign up, because the number of seats is limited 🙂 https://www.youtube.com/watch?v=HNpG_sjD9Yg

Security topics that aren't talked about enough: the human element

Today on the podcast we're hosting Andrzej Dyjak, a cybersecurity specialist, with whom we'll talk mainly about topics related to the latest security bugs, but we'll also discuss a holistic approach to security and which psychological and sociological aspects we should take into account as a security community. You can find Andrzej at https://dyjak.me | @andrzejdyjak | https://www.linkedin.com/in/andrzejdyjak/ and the recording at: https://www.youtube.com/watch?v=lbUBq7fUSFk…

What a practical DevSecOps implementation looks like

An agile approach to security sounds excellent, and I have repeatedly run into situations where people didn't know how to get started with it. So, some time ago I created a podcast introducing the world of DevOps and DevSecOps; however, that was very light material that contained no secrets, but rather something like a history of these movements. Yesterday,…

TOP 9 Rules To Maximize ROI Of Bug Bounties And Penetration Tests

Originally posted at testarmy.com. Having worked on both sides of the fence, I want to share my biggest lessons learnt during my career that entailed: being a penetration tester and red teamer; being an accomplished bug bounty hunter; working as an internal QA engineer, Security Engineer and Security Architect, a.k.a. blue teamer; running and maintaining a bug bounty program for a handful of companies; worked as a…

Attention seeking via cheap shaming of Twitter is doing no good to the industry

Just a quick rant here. I've written it in a couple places already, but I want to share it with you here as well. I'm seeing lots of people complaining how bad Twitter was, that they should be punished, how dared their CTO write a message in such a tone, and what not. Okay, so…

Here Is What We Should Teach All Software Developers About Security

I received this question a couple of weeks ago and I believe it's valuable enough to spread my thoughts on the subject here as well. Having been a university lecturer myself, I truly believe there is much more we could be doing. It doesn't mean we need to push a lot of new knowledge on students, it's just enough if…

Priceless braindump resources from Chris Roberts. Truly inspiring.

InfoSec folks, I've got a rare gem for you! Priceless braindump resources from Chris Roberts. Including Data Security Maturity Model + beautiful and deep articles from a man on a mission. Check this out: https://www.dropbox.com/sh/8wuc9szpiuv8ir6/AACcLVcVBHRgI7hA5uNehIsfa?dl=0 Some serious goodness shared today by legendary Chris Roberts! Most notable docs IMO: 2017 stuff/ Blogs 2017 catalog Blogs…