
What I Learned Watching All 44 AppSec Cali 2019 Talks - clintgibler
https://tldrsec.com/blog/appsec-cali-2019/
======
clintgibler
tl;dr I wrote detailed summaries of all of the OWASP AppSec Cali 2019 talks
(~32 hours of video) so that you can quickly grok the key insights and pro
tips and then apply them at your company.

I also calculated some stats, including bar charts for talks by company
(Netflix had the most) and talk categories.

The talks spanned a variety of topics. Here are just a few examples:

* Areas you'd expect, like threat modeling, web security, containers and Kubernetes security

* How to be an effective first security hire at a startup

* How to build a strong AppSec program

* How to scale security with automation, tooling, and partnerships with developers

* How to build a positive security culture and make security training fun and engaging

* Netflix's cloud security defense in depth strategy and how they protect AWS creds

* How Dropbox protects heterogeneous internal web apps

* How Slack vets Slack Bots and how Salesforce secures the AppExchange

* How Salesforce protects user accounts via browser fingerprints and how Pinterest protects accounts whose passwords have leaked in third-party breaches

* Lessons learned running a cyber warfare exercise with UN diplomats

I'd be happy to chat about any of the talks, my process for writing all of the
summaries (I got a lot better over time), or anything else security related.

