CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
Replying to @jeffersongraham
Next up, rooms where they pay you $20 a night to stay in them, but the resort fee is $100.
Free @owasp education: "Hacking APIs for Beginners" taught by @InsiderPhD Register here (free): lightning.owasp.org/schedule…
Replying to @_mwc
White glove treatment, you’re lucky. All I get are these.
Replying to @realhamed
What about Twitter-length micropapers?
The irony is PCI requires devs be trained annually regarding secure coding. There is NO requirement to train them on “PCI”.
I agree. If the policies, processes, and tooling make compliance invisible, there isn't much to say other than follow/use/audit the policies, processes, and tooling to remain PCI compliant.
Replying to @RachelRecruitin
I think it's a symptom of how people find their way into the industry. I wouldn't want OWASP to become a gatekeeping signal, but do encourage those who don't know about OWASP to join their local chapter -- it's free! And global! owasp.org/chapters/
Replying to @juliagalef
Haven’t tried it, but we were looking at @HelloLanding hellolanding.com
Me: When are you coming home? The kids and I miss you. Wife: I’m doing a writing retreat. Me: But you hate writing. And it’s been 2 months. Wife: I love it now.
I taught my kids that they have the right to say “no” to anyone, including me. The authoritative style of parenting demands obedience, and it sets kids (especially girls) up for abuse by those in authority.
Replying to @randomdross
They seem surprised that you want chips AND salsa.
Replying to @alfiekohn
I wonder if it’s also true for GPA? Do students with the highest GPA not do as well psychologically and ethically?
Replying to @manicode @owasp
Easy enough to fix. I present to you the OWASP Top One: 1. All the vulns in the universe — past, present, and future. Protect against that and don’t let me down.
Replying to @frgx
A year in and I’m just finding out NOW that naps are allowed?
If you're building IoT, IIoT, ICS devices, this @ABAesq talk about insurance looks interesting. They're covering Cyber, General Liability, Product Liability, Tech E&O, Property, Crime, and D&O policies. americanbar.org/events-cle/m…
Or “Save Image” 🙄
What am I missing? What other dumb security practices do we push onto users?
4. Websites that ask/require users for credentials to other websites, such as to import financial information, to allow a potential employer to dig through your social media account, and similar. Do you really trust that website with your banking password?
This next one is not really something the Security team pushes onto users in so much as it is something the product team wants and Security often loses the fight to prevent it. So calling it out, because it's super dumb and we should stop allowing it.
3. "Secure" email products that require users to open HTML email attachments. The very same attack vector as some phishing. It has the additional downside of training users that opening HTML attachments is a normal behavior.