I'm hiring two Principal Security Researchers to join my Applied Research Team at Veracode. One focused on application static analysis and auto-remediation, one focused on dynamic analysis of web apps and web APIs.
My team is fully remote always (we have team members in EU, UK, US so far), great support for education (including attending conferences), pursuing your own projects, flexible scheduling, etc.
Boosts appreciated!
More info: https://mobile.twitter.com/chriseng/status/1358900181232713728
To an extent, part of that first thing (tell you what makes your product more appealing) can be a problem too, but it generally comes from people treating marketing information as a _mandate_
It's great to know that X capability makes your product have broader appeal. It's not OK to think that's sufficient reason to prioritize it, or to do it at all. The problem comes when leadership can't say "good data, that doesn't fit with what we want though, so we're not doing it"
It's that second thing, explaining stuff to potential buyers, that has a huge potential for unethical behavior. When marketing starts to try to _manipulate_ buyers or get you to try and sell something you don't really have, that's when the frustrations with marketing make sense.
When marketing people just find the right way to speak to people so that they understand how your product/service can help them, though, that's a huge help
Marketing isn't inherently evil; it's unethical marketers who've given it a bad name.
Marketing does three really important things for any org:
1. figures out who will buy what you're selling, and what would make what you're selling more appealing to them
2. figures out how to explain your stuff to buyers so that they'll understand they want it
3. helps you understand how well you're currently meeting your market's needs
The reactions to the J&J Vaccine being associated with 6 blood clot issues are such a great example of how difficult it is to get people to understand risk
A lot of people who got the J&J recently are freaked out, even though only 6 issues out of 7 million doses *might* have caused a problem. The gov is being smart pausing the use until they know why (might be a fluke, might be a mfg defect, etc), but people are reacting as though the J&J shot is/was inherently high risk. It isn't and wasn't
My colleague Mansi wrote an awesome series on Java crypto last year, and just published a great update to it.
Get fedi hired!
looking for a DevSecOps Consultant who has experience building and deploying CI/CD pipelines in the cloud and is an expert in automation using Terraform or Ansible.
Also looking for someone with in-depth Cisco Networking experience, as well as expertise working with Cisco Firepower firewalls. You must be proficient in creating and writing firewall rules, and have in-depth knowledge of network security.
And here's my little hacky script to talk to SmartThings to toggle lights: https://github.com/darrenpmeyer/smartthings-onair
It depends on a "just enough to work" implementation of the SmartThings API here: https://github.com/darrenpmeyer/python-smartthings
Built a little Python agent that monitors my macOS process list to see if I'm actively in a Zoom call, and runs an "on air" script when I join one and an "off air" script when I end one. I use this to automatically turn on a smart light I've designated as an "on air light" so my family knows when I'm on a call.
Very much "works on my machine", but people might find this useful
@superruserr hey, @TheGibson@hackers.town mentioned you might be looking, and I'm hiring appsec research. Check latest post and let me know if that's possibly a fit!
Some people work while they're stressed and locked indoors. I wrote most of a book during the covid crisis:
https://twitter.com/search?q=from%3Adoctorow%20%23dailywords&src=typed_query&f=live
I was feeling pretty pleased with myself on that score, but then I found out what Oriol Ferrer Mesià did with his time.
His "Modern Retro Computer Terminals" project is a series of tiny computers built around low-cost processors like the Raspberry Pi and Nvidia Jetson Nano, run off a 3D printer and assembled.
https://uri.cat/projects/modern-retro-terminal/
1/
Even though I'm skeptical of the methodology behind things like Gartner's Magic Quadrant and Forrester's WAVE, it is still a nice compliment to be at or near the top on things like that!
And doubly so when it's because we've invested heavily in making a better security tool experience for developers
Applied AppSec Research @ Veracode ; I don't speak for them here. Part-time coffee and Arduino nerd.