Went to my local SecTalks today

In an effort to be more involved in the tech community I ventured off the local SecTalks chapter for a talk on application security.

The talk was pretty good, covered a lot of ground from basic defensive programming to supply chain management. The target audience was not software developers but security folk and I think Lochie did a good job from that regard.

In my opinion, security engineers sometimes forget software engineering is just as vast and difficult as their trade. For red-team types, security failures only need to happen once to achieve their intent whereas application defence is a constant and ongoing process. This can lead to a misalignment of realities between the two professions and animosity from my experience. Throwing shade is always so easy!

The speakers intent was to help remind everyone that we, application/software developers, do try our best, for the most part, to create secure products. I think he did that.

I should probably get up and give a software related talk one day though I’d have to find a topic that’s suitable for the SecTalk crowd. Maybe security scanning at scale with NATS as the backbone! I was scheming up some ideas in the drive home; probably a network scanner that hits bug bounty targets, collects results stores in KV then aggregates data into an ObjectStore for historical analysis or something like that.

Tags:

#sectalks #meetup