CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.
Phoenix, AZ
Joined July 2009
- Tweets 8,305
- Following 139
- Followers 776
- Likes 17,402
This is what I did to move from webdev to appsec, but in my 40s.
I took an entry-level, low-paying job at @whitehatsec to get my foot in the door, then pivoted to the @PayPal security team.
Best career choice ever, even though I nearly went bankrupt.
bbc.com/worklife/article/201…
3
We were using checklists 10+ years ago at @whitehatsec. Likely anyone who has worked in a professional setting with other pentesters would use them for consistency and quality.
1
You might check out Thrive by Brendan Brazier. He’s a vegan Ironman competitor (or was).
nitayoga.com/wp-content/uplo…
1
1
Why does @apple force children under age 13 to use the iCloud.com email service as their Apple ID? Appears to contradict their privacy promise.
Try turning off the auto events from Gmail and see if the problem goes away.
support.google.com/calendar/…
1
The Federal Government and Congress should add crypto backdoors into all of their systems to show the public how great it is.
Best part, pretty sure @realDonaldTrump can get Russia to pay for it!
When even the *American Library Association* is telling you back doors are wrong, I dunno, maybe you should listen. #SaveSecurity
1
Nah, if I were to go after the stock market, this is how I’d do it.
latimes.com/business/la-fi-s…
2
I had it off for a while, but it added a LOT of time to manually correct the mangled mess that is phone keyboard typing. Gave up and turned it back on and try to proof read better with mixed results, but still faster overall.
1
There are 20 candidates for @OWASP Board election, including myself!
Happy for so much interest, but puzzled by candidates that have a near-zero presence in OWASP wiki (many only appear on the election page).
Be careful of mystery candidates!
owasp.org/index.php/Staff-Pr…
1
Is this related to ISO/PC 317 and the work by @ansidotorg?
iso.org/committee/6935430.ht…
Interesting, @ToyotaFinancial wants me to fill out a satisfaction survey from a recent call, but I sat on hold for 10 minutes and hung up without speaking to anyone. Guess they know who I am from caller ID, but don't know that I never actually connected with an agent?
For those that are warring, seems odd to spend so much negative mental energy on people who are *on your side* instead of actual adversaries, who are presumably showing up with popcorn.
1
No, the opposite. “Orchids” are very sensitive to their environment, “dandelions” are robust and can make anything work. Those dandelions appear indifferent, but in their world, it works out regardless.
This book will explain so much. I listened to the Audible version, it is excellent.
goodreads.com/en/book/show/3…
2
Perhaps your mobile carrier sells data to a broker, so while the browser is incognito, your mobile carrier knows who you are. Or uses unique headers, although I thought they stopped doing it, eg:
ftc.gov/system/files/documen…
1