Should security schemes be more prescriptive?
"None of the security certifications or regulations are prescriptive; it is up to your company to define the scope, means, and implementation"
While this sounds great, does it put too much interpretation in the hands of the auditor?
Posts by Laura Bell Main
Are you measuring subtle frictions?
This quote really made me think "where friction introduced by AI tooling is subtle enough to go unnoticed in the moment but cumulatively slows real-world output"
How many other sorts of subtle friction do we experience?
What are your essentials for setting up security monitoring?
Keeping an eye on the health and effectiveness of our systems is crucial, but security monitoring can make the difference between a small incident and a catastrophic event.
Are you ready to rollback?
This is a really pragmatic guide to thinking about rollback as well as rollout when planning your systems. Rollback can be an important part of incident response and we shouldn't underestimate how hard it can be.
Would you use an AI bot as your therapist?
While this study identifies some challenges from a safety and risk perspective, I think we have yet to grapple with the PII and privacy implications of this sort of application.
Do I think everyone should get the help they need and have someone to ta
Every week, someone comes at me with some hustle culture nonsense about how I must work 24/7 and from anywhere..... sure.... obviously.... 😂
Four months ago, this was a garden potting shed....
Now it's my dream office and recording studio, and the most peaceful space I've ever worked from.
As a founder, it's crucial that I have space to focus, but as a carer, I can't be far from home. This is the perfect compromise.
I’ve joined Sweat with Pride this June to support my rainbow whanau here in nz. 🌈 and on behalf of my very rainbow-t’astique family in the uk 🇬🇧🥰
If you would like to support this great cause you can sponsor me!
www.sweatwithpride.com/fundraisers/...
🤯 😢 It's 2025, and yet, in the age when AI is making all software and security jobs redundant...
We are still collecting payment information like this???
Much work is needed to secure our software experiences for our organizations and end users.
👀 sneak peek at what's coming very soon from @safestack 👀
Any of you want an easy way to build and mature an OWASP SAMM or NIST SSDF application security program?
DM me for early access and special pricing for early adopters.
This is going to be epic 😍
#owasp #appsec #infosec #productlaunch #ss
Hey #software leaders - I see you, spinning so many things at once.
Watch this space in Feb for a @SafeStack announcement that could make your #appsec life a lot easier.
The four hardest things about being a startup CEO right now ;)
#founderlife #startup #buildinpublic
My banned phrase for 2025: "it depends". Let's make this the year of making appsec easy and taking small steps forward, and stop hiding behind uncertainty and "what if".
#appsec #owasp
For the second time this year, I find myself impacted by health issues on a trip.
This time, COVID knocked me flat in less than 24 hours and has torn this trip asunder.
I am devastated but also grateful to be able to isolate and focus on recovery. I will be returning to NZ as soon as safe to do so
The fabulous Denise Jacobs keynoting NDC Porto
Wise words about how to reflect and adapt to what’s happening in the professional world right now
Great turnout for day one here at #ndcporto
Come say hi at the SafeStack booth where I’m doing an AMA! Bring all your #appsec questions
You can even grab stickers or have us plant a tree on your behalf
Same.
It’s normal for the parents in Bluey to make you feel like a bad parent right?
Oh no. Is it cosmic kids yoga? Our small people loved that and I don’t remember it being angry
Doing a thought experiment about how little you need to say to teach a CWE to a developer such that they can avoid it 😂💪
Anyone feeling brave?
Bluesky now has over 10 million users, and I was #55,038!
Wow I had no idea I was so early.
Thanks 💜🙏
🔎 Looking for a 3-minute distraction to help me and SafeStack be more awesome. 🤩
If you are a developer or appsec person, complete my tiny survey! We are working on some cool stuff, but we really need a bit of data to help us plan.
form.jotform.com/242598632391869
This.
I don’t have a dog of my own so I send you my favourite dog and many hugs from afar
Great talk by James Cooper here @owasp nz.
Coherently and clearly explaining SLSA and how to get started with it in your CI.
Yay! You’re here too!
Getting settled for the opening keynote here @owasp.org New Zealand
Come say hi if you see me around. Look for the D&D converse and come grab some SafeStack stickers
Omg I’m in Auckland for OWASP NZ!
The locals seem friendly