tl;dr I wrote detailed summaries of all of the OWASP AppSec Cali 2019 talks (~32 hours of video) so that you can quickly grok the key insights and pro tips and then apply them at your company.
I also calculated some stats, including bar charts for talks by company (Netflix had the most) and talk categories.
The talks spanned a variety of topics; here are just a few examples:
* Areas you'd expect, like threat modeling, web security, containers and Kubernetes security
* How to be an effective first security hire at a startup
* How to build a strong AppSec program
* How to scale security with automation, tooling, and partnerships with developers
* How to build a positive security culture and make security training fun and engaging
* Netflix's cloud security defense in depth strategy and how they protect AWS creds
* How Dropbox protects heterogeneous internal web apps
* How Slack vets Slack Bots and how Salesforce secures the AppExchange
* How Salesforce protects user accounts via browser fingerprints and how Pinterest protects accounts whose passwords have leaked in third-party breaches
* Lessons learned running a cyber warfare exercise with UN diplomats
I'd be happy to chat about any of the talks, my process for writing all of the summaries (I got a lot better over time), or anything else security related.