Author: Derek Fisher

Beyond AppSec: Securing the Product

“I’d like to change the name of my organization from Application Security to Product Security.” I remember broaching this topic to my CISO at the time. While it seems like a minor change, the reality is that there are significant differences. And there was a purpose behind it. What’s in a name? While AppSec is […]

Attack Trees for Robust and Secure Design

Attack Trees as Allies in Threat Mitigation. The ability to anticipate and proactively mitigate potential threats has become the holy grail for many organizations. In that pursuit many organizations turn to practices such as threat modeling, which I’ve written about before. While threat modeling can be a powerful tool in the organization’s tool chest, it can […]

Redefining Security in DevSecOps

Embracing Threat Modeling for Agile Resilience. Many years ago in software development, the relationship between development and operations gave rise to DevOps, a union that has reshaped how we conceive and deliver software systems. The transition from traditional methodologies to the agile, integrated approach of DevOps marked a seismic shift. DevOps stitched together siloed […]

Defining Application Security

Software has become an integral part of almost every business and organization today, regardless of whether developing software is their core product or not. From rideshare companies to logistics firms, these companies rely heavily on software to drive their operations and provide value to their clients. But what are the fundamental parts of software development […]