Infosec Good/Fast/Cheap

In an effort to address decades of security vs. developer friction, Tromzo recently decided to hold an event to bridge the gap and focus on practical security missions that overlap with what developers focus on building. This was the first Developers and Security are Friends Day event in Austin, Texas, and I truly hope more are to follow. I’m an avid conference-goer, and this is one of the few events, if not the only one, I’ve seen that had a near 50/50 split of builders and breakers alike. Likewise, I offered my time and gave a free training on managing good/fast/cheap infosec resources, sharing the respective stages alongside some good friends, new and old:

Jim Manico - Manicode Secure Coding Education
Matt Johansen - Vulnerable U / Reddit
James Wickett - DryRun Security
Esha Kanekar - Netflix
Colleen Dai - Semgrep
Johnathan Kuskos - Chaotic Good Information Security (it would be weird to not include myself, right?)

Harshil Parikh, CEO and Co-Founder of Tromzo, recently shared an editorial on the event in his Future of Application Security Newsletter, and you can read his synopsis here: https://www.linkedin.com/pulse/good-fast-cheap-security-pros-reveal-how-have-all-without-parikh-eyoic

I also sat down with Eric Sheridan, pioneer of static code analysis, co-founder of Infrared Security, and current Chief Innovation Officer for Tromzo, to talk shop, share some war stories, and discuss the realities of where security programs miss the mark on being good partners to their development counterparts. You can find our discussion here: https://tromzo.com/podcasts/ep-48-chaotic-good-s-johnathan-kuskos-on-testing-for-functionality-priorities-and-better-incident-response


Cheers, and happy hacking everyone.
