Maximilian Burkhardt (@maxb)'s Twitter Profile
Maximilian Burkhardt

@maxb

#BlackLivesMatter | he/him | Figma Security | ex-iSEC | BERKE1337 Founder | Cycling Enthusiast | KK6PEK

ID: 21522315

https://maxb.fm | 21-02-2009 22:19:04

646 Tweets

390 Followers

301 Following

@owaspmelb/@infosec/.exchange (@owaspmelbourne)

We are thrilled to announce a stellar lineup of talks for OWASP® Foundation #appsecday in Melbourne, Australia on the 1st of Nov! So many amazing speakers 😍 RT's appreciated so we can spread the word! appsecday.io/schedule/

Maximilian Burkhardt (@maxb)

Had a blast talking about incident response in web apps at @owaspmelb/@infosec/.exchange AppSec Day! If you didn’t get a chance to see the talk, I’ll post a link to the recording when it’s up later. #AppSecDay

OWASP AppSec California (@appseccali)

Building Data Discovery and Classification at Scale - Elizabeth Nammour & Pinyao Guo #AppSecCali 2020 youtube.com/watch?v=A9UFPG…

NCSC UK (@ncsc)

The NCSC now uses 'allow list' and 'deny list' in place of 'whitelist' and 'blacklist'. Emma W explains why... ncsc.gov.uk/blog-post/term…

Maximilian Burkhardt (@maxb)

For those of you opening up your work laptops this Monday morning, remember to check on your employer’s donation matching program. See how much of that corporate capital you can route to bail funds!

Henry Sotheran Ltd (@sotherans)

“He asked you to shoot at people who weren’t shooting back,” growled Vimes, striding forward, “That makes him insane, wouldn’t you say?” “They are throwing stones, Sarge,” said Colon. “So? Stay out of range” ― Terry Pratchett, Night Watch

Maximilian Burkhardt (@maxb)

My group just finished our first session of Companion's Tale by Laura Simpson and had an awesome time! We've kicked off a story of the power of words, rising fascism, and ... spooky gangster beetles. Go get yourself a copy. sweetpotatopress.com #SupportBlackCreatives

Maximilian Burkhardt (@maxb)

Arrest the cops who killed #ElijahMcClain Arrest the cops who killed #BreonnaTaylor Arrest the cops who killed #ElijahMcClain Arrest the cops who killed #BreonnaTaylor Justice is overdue!

Heather Adkins - Ꜻ - Spes consilium non est (@argvee)

I’m going to conjecture that for every hour of IR done by security staff at Twitter today, they have spent three hours advocating for the controls they wish they had but couldn’t get. </conjecture> This is why you don’t laugh when your colleagues have tough days.

Devdatta Akhawe (@frgx)

1/ Recently, we switched Figma's Okta to only allow phish-proof webauthn/FIDO MFA. I wanted to share a few things that helped us and might come in handy for any other security team.

C:\hristina (@divinetechygirl)

Idk no shade to anyone but it’s so interesting how something happens and we’re all like “DO THE BASICS” but man when you’ve worked IT Ops & sys admin at large orgs (not vendor), and have to work with and alongside many tech teams, simple basics turn into complex yr long projects

Devdatta Akhawe (@frgx)

Excited to share a new blogpost by Hongyi Hu on how we do zero-trust shell access on AWS. Massive security win (webauthn+device-trust auth, detailed logs for ssh) while improving usability! figma.com/blog/inside-fi…

Maximilian Burkhardt (@maxb)

Had a blast presenting some of the work we’ve been doing to protect Figma’s internal web apps at #fwdcloudsec! Check out the slides on the Figma Community: figma.com/community/file… Or the deep dive blog post: figma.com/blog/inside-fi…

Maximilian Burkhardt (@maxb)

Had a great chat with benarent about building security at maximum speed (that is, at startups) for his Access Control podcast. Thanks for having me on, Ben! goteleport.com/resources/podc…

Maximilian Burkhardt (@maxb)

Excited to be a guest on the Cloud Security Podcast with Ashish Rajan 🤴🏾 this afternoon! Tune in at 2PM PDT at youtube.com/watch?v=IZwrUm… for a conversation on app defense theory and whatever else comes up!

Devdatta Akhawe (@frgx)

🧵 1/ Mark Dorsi suggested a follow-up thread on our experience switching to webauthn & so here goes. I will first start with the good parts before jumping into lessons that might be useful for other security teams. If you find this fun, come join us at figma.fun/seceng