So excited, almost time for #DiveTrack #LocoMocoSec. I will be snorkeling since I am not allowed to dive
#LocoMocoSec
If you are a hiring manager
Talk to me about how to change how to hire to improve it
#LocoMocoSec
Note
Money isn't everything
#LocoMocoSec
Q
Skeptical about being able to introduce security into framework
#LocoMocoSec
Q
Harder to hire or convert?
A
Used to be convert, now it's hire
A
Easier to train developers who are interested than teach security about code complexity
A
Market dynamics
460k security people if 2%
May not be a choice, must train
#LocoMocoSec
Note
Obvious mistakes may not be obvious
It's not an ugly baby, it has interesting features
Note
Focus on language or framework level changes to make insecure harder
#LocoMocoSec
Q
Relationship building and training
How do we work so that we are all not starting at zero?
A
Enforce secure by banning bad things
Assume they don't know security, but are great coders
Start with education for everyone, everyone goes through all training
#LocoMocoSec
Q&A
Q
We can't expect devs to change, we need to adapt; but we want to push left, is that asking devs to change?
A
Partnership model
They need to write the most secure code they can
We need to give them tools, training, etc
A
Yes it is a change and a hard sell
#LocoMocoSec
What is one thing you will continue doing after your work, and one thing you would not do based on your work?
Join OWASP, watch out for the negative people
Never stop talking about it, keep passion up; don't be the no guy, that's why security has a bad name
#locomocosec take aways
Bug bounties and pen tests are not equivalent, build security in
Enable devs to find and fix security vulns
Automate all the things, small-seeming projects can have great value
Make sure training is relevant about security for devs, write peer reviews
notok: creation and challenges in mental health and app development at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/JvFK @locomocosec #LocoMocoSec @sched Some technical issues, but interesting
The truth about cookies, tokens and APIs at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/JvFH @locomocosec #LocoMocoSec @sched
Have you adapted your AppSec? at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/JvFE @locomocosec #LocoMocoSec @sched
Anyone else having wifi issues? #LocoMocoSec
On the way to a luau with @murdoch_monkey thanks to #LocoMocoSec, he is my date since my partners aren't here
Hey #LocoMocoSec bus is here at the valet area!
I'm excited to attend Visibility & Control: Addressing supply chain challenges to trustworthy software-enabled things at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/MkbG @locomocosec #LocoMocoSec @sched
Evolving beyond the vulnerability whack-a-mole game at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/MGMy @locomocosec #LocoMocoSec @sched
I'm excited to attend Bug bounty botox: how to spot good security DNA & prevention from cosmetic security at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/MGMg @locomocosec #LocoMocoSec @sched
Multi-party vulnerability response in/with OSS at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/MGMH @locomocosec #LocoMocoSec @sched
@JonNoorlander presenting at #LocoMocoSec on an 80% decline in agree of vulns and 50% decrease in vulns
Tips and tricks for effective vulnerability management at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/MGM9 @locomocosec #LocoMocoSec @sched
A good first impression can work wonders: creating AppSec training that developers ❤ at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/MGNM @locomocosec #LocoMocoSec @sched
For everyone who liked my armor leggings, here's the company I got them from: https://loricaclothing.com It was a Kickstarter but now they're generally available #locomocosec
JavaScript supply chain security at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/MGLq @locomocosec #LocoMocoSec @sched
Upstreaming security to rails: a story about falling behind and catching back up again at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/MGLG @locomocosec #LocoMocoSec @sched
SDL at scale: growing security champions at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/MGL2 @locomocosec #LocoMocoSec @sched
SBoMs (software bill of materials) – the looming format skirmish at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/MGKJ @locomocosec #LocoMocoSec @sched
Who wants a thousand free puppies? Managing open source software security in the enterprise at LocoMocoSec: Hawai'i Product Security Conference https://sched.co/MGK0 @locomocosec #LocoMocoSec @sched
Good morning #LocoMocoSec, let's get started