SecurityScorecard’s Post

My second week on the job at Ingrian Networks saw me on the frontlines of what was, at the time, the largest breach ever: CardSystems. As is often the case with early stage companies, I was expected to be both presales and implementation. What better way, my mentor thought, to introduce me to the latter? Landing onsite in Tucson, we were hustled into the CIO’s office. He laid out the situation for us in stark detail: Visa and Mastercard had both pulled their charters. If there was hope of them remaining in business, it would be through rapid advancement of their security posture. So the checkbook was open and our product was the cornerstone of the plan to save the company. Alright! In the midst of patching software, CardSystems was swapping hardware, OSes, and databases 🤯 I won’t bore you with the details, but from 9AM to 2AM for multiple weeks, I saw my SE mentor navigate between teams, interface with leadership, and effectively end up quarterbacking the whole project. Watching him, I learned some of the most valuable lessons of my career: 1. Communication is everything. My mentor's ability to translate complex tech issues for leadership and coordinate between teams was crucial. 2. Sometimes, you're not just implementing - you're saving a company. The gravity of that responsibility shapes how you approach every project. These lessons still guide me today at Mocksi. Whether it's a high-stakes demo or a critical implementation, the principles remain the same: communicate effectively, understand the real-world impact of what we do, and always keep the customer's ultimate goals in mind.

So many examples of why it's imperative to design and test your #GenerativeAI solutions to ensure that they are accurate, unbiased, ethical, and safe. We're going around the world to talk about this to anyone that will listen. There are real world consequences for your business or organization when letting these solutions loose in the wild. If you need help with your #GenAI projects, reach out! #AI #Leadership #training #cybersecurity #AirCanada #AIChatBot

in this writeup i explain how i got Account takeover through Stored XSS https://lnkd.in/d8nGieBy #bugbounty #bugbountytips #penetrationtesting #cybersecurity

This highlights one kind of risk that AI is creating for businesses when they incorporate chatbots into their digital infrastructure. Security experts at Petro Cybersecurity can help your company assess the risk of including AI Technology throughout your operation. #riskmanagement #cybersecurity https://lnkd.in/gk8YbGic

After weeks of preparation, questioning my own sanity and crunching numbers, today was the day to take myself out of my comfort zone. Had great feedback and lots of pointers to help me narrow in on our USP and value. Thanks to Lizzie Raffles for encouraging me to do this, and Ed Goldsack for the encouragement and facilitating the session, oh and the biscuits to keep their sugar and happiness levels up. Plenty more of these to come as we enter the next stage of our growth. #icaconsultancy #cyberservices #businessgrowth #onthebusinessnotinthebusiness

"This alliance isn't just about collaboration, it's about setting a new standard for secure development by making it instinctive for both development and operations." 🤝 We're thrilled to be among the first to join New Relic's Secure Developer Alliance alongside industry leaders like FOSSA, Lacework, Aviatrix, and Opus Security to provide developers with the security observability and resources that empower them to innovate securely and confidently. Learn more in Help Net Security: https://ow.ly/eJ6Z30sCo5z

🗣 Sharing Our Knowledge: Code Nomads at Teqnation 2024. At Code Nomads, we're driven by a passion for software development and a commitment to sharing our experience with the software development community. It's in our DNA to share, innovate, and open-source our discoveries for the collective advancement of the industry. That's why we're thrilled that Soroosh Khodami and Makan Sepehrifar will be conference speakers at the TEQnation conference on May 22nd in Utrecht! 🔐 Secure Software Ecosystems: Insights and Best Practices by Soroosh and Ali Yazdani. Facing the ever-present shadow of vulnerabilities like Log4J and Spring4Shell, it's crucial to not just ask if we could be the next target, but how we can safeguard our future. Soroosh and Ali will navigate the path to building a resilient software development ecosystem. Expect to uncover: - The transformative impact of DevSecOps on application security. - Strategies for establishing a secure software ecosystem. - Insight into the dangers of Supply Chain Attacks. - The critical role of the Software Bill of Materials. - Guidelines for protecting cloud-native applications from start to finish. - The influence of EU regulations on software security protocols. 🌟 Leadership Reimagined: Obeya with Makan In the dynamic world of organizational development, achieving alignment and pursuing shared goals are paramount. Makan's exploration of Obeya—a concept rooted in collaboration and transparency—promises to shed light on methods for ensuring team synergy and unified direction. Ramon will act as conference host of Teqnation as chairman of the program committee. Join us at Teqnation for a deep dive into these essential topics and more. Hope to see you there! 🔗 Full program and tickets at www.teqnation.com #CodeNomads #Teqnation #KnowledgeSharing #SoftwareDevelopment #CyberSecurity #Innovation #Leadership

Curious about the top trends in IT for 2024? We boil it down for you in this great new Blog post. Be sure to check out our comprehensive guide to the SMB Tech Trends 2024 which can be accessed via a link at the bottom of the post.

It was my pleasure to share copies of the award winning Purple Book of Software Security with three top security leaders, Ali Fakhruddin Siddiqui, CSSLP, CCSP Kiran Sharma FIP, CIPM, CIPP/US, CDPSE , and Vivek Kumar in New York City recently. If you are interested in learning how to secure your software, then this is a must-read book. I had the pleasure of spending 2 days with Ali, Kiran, and Vivek and learned several insights from practitioners to thought leadership perspectives. And those perspectives will be shared in the second book that Purple Book Community leaders are co-authoring. More about it later in another post. The first book, shown in the picture, is co-authored by 32 top security leaders and it covers various challenges, best practices, and case studies in an organization’s journey to AppSec and Product Security, or more broadly Software Security. These co-authors’ experiences span multiple continents, multiple industries, and Fortune 20 companies to companies with just 200 employees. Many thanks to these leaders for generously sharing their time and talent for the benefit of the broader community. #AppSec #SecureSoftware