Thread 🧵about yelling In my early twenties I had a boss that yelled and screamed at people. I was new, but had heard it happen to others. One day I reported a design flaw to him, for a new app we were about to build. He started to get upset, like he was going to yell.

🔥 Get ready for an interactive session on Semgrep rule writing! On September 16th at 9AM PT, Brandon Wu and I will help you create and refine your own rules. Don’t miss it—sign up now! ow.ly/RyJB50T1kHN

🚀 Discover how Laurent Bouchard and Léandre Forget Besnard changed the conversations about security at @Desjardins through #ThreatModeling. Don't miss out on their insights at #ThreatModCon 2024 San Francisco next month! Register: hubs.li/Q02LMw1b0

🚨 CONTEST ALERT! 🚨 Want to win 1 of 3 decks of 'Cards Against AppSec' by Tanya Janca? Simply RT this post and make sure you're following us to enter! ⏳ You have 48 hours—good luck! #AppSec #Giveaway #CardsAgainstAppSec

Our previous post got deleted; we are sorry to everyone who has already re-tweeted. Please re-tweet again. For everyone who followed us, we have your names listed and you will still be entered! Thank you for understanding.

oh my god IT HAPPENED

Get ready for an unexpected keynote at #ThreatModCon 2024 San Francisco! 💥 Join Caroline Wong, Matthew Coles, Izar Tarandach 🎗️, adam shostack, Zoe Braiterman, and a special guest as they tackle the hottest threat modeling topics LIVE! 👉 Get your ticket now: hubs.li/Q02MP89G0

I can either use my energy to stay still on camera or I can use my energy to pay attention to the meeting. One or the other, I can’t do both

🚨Heads up, LinkedIn just opted everyone into training their AI. Go to Settings->Data Privacy->TURN OFF data for generative AI improvement 🚨

I'll be speaking as part of the un-keynote at #ThreatModCon 2024 in San Francisco next weekend. Will also moderate a session during lunch time. It's a one day focused event on Threat Modeling, check it out if you're into or curious about it! threatmodcon.com/san-francisco

Under the Radar: How we found 0-days in the Build Pipeline of OSS Packages by François Proulx at @OWASP Global AppSec San Francisco 2024

Congratulations Tanya!

Jealous!

I highly recommend this book. That is a steal of a deal! If you are in #compsci #webdev #fullstack #appsec go get it.

It's going to be so fun! See everyone tomorrow! P.S. don't make lunch plans we have you covered!

I had an amazing experience on stage with Caroline Wong Izar Tarandach 🎗️ adam shostack Brook Schoenfield - Elder Statesman for AppSec Matt (human), Claude (AI) and Pi (AI) #threatmodcon SF 2024

CTF players be like

Developers, if you're doing secure coding training, is it helpful to have first a "this is crappy code", then "this is better code" then "This is the best code" types of examples and walk throughs? Like "here's how we could call a secret management tool, and why" Thoughts?

Also, would you rather write all the code yourself? Or walk through? Or review code? Or walk through then you code? Or, what do you like the best and how do you learn the best? Thank you for your input. I may or may not be working on my next workshop. 😉

We’ve just launched our new community forum! 🎉 A dedicated space for our members to share challenges, explore best practices, and get input from one another about all things #ThreatModeling. 👉 Join the discussions now: hubs.li/Q02VcD5v0