Rage Consultant @darrenpmeyer@infosec.exchange

I'm #hiring another Senior #AppSec engineer at CrowdStrike. This role focuses on assessing the security of various on-device sensors, including threat modeling, testing, and code review. Knowledge of OS internals is a huge plus, especially macOS or Linux. #getfedihired #nowhiring

https://crowdstrike.wd5.myworkdayjobs.com/crowdstrikecareers/job/USA---Remote/Sr-Application-Security-Engineer---Sensor--Remote-_R3238

I'm #hiring a Sr #AppSec Engineer at CrowdStrike to threat model and assess cloud applications, and work with software engineers to improve designs and implementations. Remote-first company. North America preferred, but other locales are possible. #GetFediHired #HiringNow

https://crowdstrike.wd5.myworkdayjobs.com/crowdstrikecareers/job/USA---Remote/Sr-Application-Security-Engineer--Remote-_R1795

Hey remember reading books for fun? Me either. Sincerely, someone who has way too much work-related reading

Printing from macOS directly to an IPP-capable printer, using the vendor's sanctioned driver stack: works about 20% of the time.

Printing from macOS to a Linux-based CUPS server using opensource drivers for that printer (but still talking to the printer over WiFi): works 95% of the time.

Figures

I'm #hiring another Senior #AppSec engineer at CrowdStrike. This role focuses on assessing the security of various on-device sensors, including threat modeling, testing, and code review. Knowledge of OS internals is a huge plus, especially macOS or Linux. #getfedihired #nowhiring

https://crowdstrike.wd5.myworkdayjobs.com/crowdstrikecareers/job/USA---Remote/Sr-Application-Security-Engineer---Sensor--Remote-_R3238

I'm #hiring a Sr #AppSec Engineer at CrowdStrike to threat model and assess cloud applications, and work with software engineers to improve designs and implementations. Remote-first company. North America preferred, but other locales are possible. #GetFediHired #HiringNow

https://crowdstrike.wd5.myworkdayjobs.com/crowdstrikecareers/job/USA---Remote/Sr-Application-Security-Engineer--Remote-_R1795

Man, this kind of scale is cool. Event management on the scale of a *trillion events per day* is pretty amazing

I'm just glad I'm not a data systems architect for that 😬

I've very much enjoyed my 8 years at Veracode. My team has been amazingly supportive and helped me learn and grow, and I got to work on making an amazing tool that has helped fix literally millions of flaws before they got into the wild.

But it's time for a new adventure! Next week, I start with CrowdStrike, where I'll be managing a Product Security team

Sometimes it's not DNS. Sometimes it is drivers that only partially install

Yes, it is sensible to place some kind of limit on password field length, because submitting the collected works of Shakespeare to that field can be a DoS because password hash functions/KDFs have practical limits

But that limit should be well above 50 even if you're using one of the older bcrypt implementations. Not *16*

Oh, and while you're at it, check your minimum length. If it's "8" or "9" please also check for still-running Windows NT servers

Veracode has been a Gartner MQ Leader for 8 years running

I joined Veracode 8 years ago. Coincidence?

Yes, absolutely a coincidence

The takeover of freenode by a hostile actor (abusing admin to ban advertising a channel's move to other places? Bad) is yet another lesson in "centralization is undesirable for communities"