
PagerDuty makes their security training public - vuln
https://sudo.pagerduty.com/
======
Bucephalus355
In a few years, employers are going to start screening for and rejecting /
hiring employees based on how secure they think they are in their personal
lives.

A user who is compromised in their personal/computer life is 99% going to be a
user who is later compromised in their work/computer life.

From a legal scholarship point of view, this is going to initiate some very
interesting federal court cases. Like for instance, can an employer mandate
that their already hired employees use an iPhone in their personal life? Can
they require that all of their employees use a password manager? What about a
specific brand of password manager? The questions are endless.

~~~
baseethrowaway
Yes, an employer can mandate that employees use password managers for
work-related accounts and are already doing it, from my experience. Also, for the
precise reason you say, corp accounts exist. Employees in some companies
already can't turn off 2FA for some accounts whether they want it or not.

Let's not reinvent solved problems. Questions are not endless.

------
jtaft
The engineering list is a decent start! Multiple vulnerability categories I
see day to day appear to be missing though, such as race conditions, direct
object references, and file inclusions. Would be nice to add a slide stating
"Don't trust user input".

If anyone is interested in security training, or looking for an application
security review, feel free to get in touch with us!
[https://www.oneupsecurity.com/](https://www.oneupsecurity.com/)

------
yread
It's public but there are quite a few "redacted" slides there :(

~~~
dangoor
Even so, there is still a good overview that remains.

