Sr. Application Security Engineer at Twitch. Opinions, idiolect and tweets are my own and do not represent the ones of my employer.

Irvine, CA
Joined April 2011
If you want to check out @NorthSec_io CTF 2021 stream we'll be over twitch.tv/northsec (mirrored on YT) all weekend! This is better for participants only, but there's some animation and fun things happening over the weekend. #NSEC2021
Join NorthSec Discord server to discuss with other participants, speakers and staff! nsec.io/discord/ #NSEC2021 @NorthSec_io
NorthSec 2021 conference and CTF are this week! nsec.io/ Conference - all free online! May 20-21 - Starts around 9 AM Eastern Time Competition (CTF) - registration closed! May 21-22-23 - Starts Friday around 8 PM Eastern Time #NSEC2021 @NorthSec_io
They'll probably let you watch the event stream even if you don't have a badge.. 😂 but the badge is awesome and has some fun (out of competition) flags in it! Shipping was fast for me!
[BADGE] Last chance to get your badge for the event!!! Get it here: shop.nsec.io/ #NSEC2021 Come and brag with it on our Discord: nsec.io/discord
Post-Spectre, we need to adopt some new strategies for safe and secure web development. This document outlines a threat model we can share, and a set of mitigation recommendations. w3.org/TR/post-spectre-webde…
TL;DR😅 1⃣ server side check Origin and Sec-Fetch-* 2⃣ CORP same-origin 3⃣ Protect framing with Frame-Options or frame-ancestors 4⃣ COOP same-origin 5⃣ Correct Content-Type headers and X-Content-Type-Options: nosniff w3.org/TR/post-spectre-webde…
All right, that settles it: I'm shifting Leif... ... To the top of the people who have an awesome vision for software security engineering that I stand 1000% behind.
I just posted a blog about building security product features in cooperation with software engineers! Check it out and feel free to DM me if you have any questions 😊 segment.com/blog/shifting-en…
My highlights from it: 💡An important benefit of learning more about software engineering is building empathy for your coworkers. 💡An easy way to get your idea prioritized is to be aware of what other teams are working on, and look for efficient opportunities to work together.
💡If you do a security task make sure you fill the role of the developer. Someone else from the security team should represent the security organization .. it avoids a conflict of interest. This new perspective will help you redesign security workflows with additional pragmatism.
💡.. learning more about software development .. help you think like your software engineering counterparts. With this mindset, you’ll be more easily able to create scalable security tools and processes that empower developers to make good security decisions
💡.. try to be available when issues come up in the future, this will help build lasting goodwill 💡When a security team is more knowledgeable about other parts of the business, pragmatic tools and processes will be implemented. ⏬Scroll after conclusion for Tactical tips! 🤟
<#list .data_model?keys as key>
<li>
<#assign b = "${key}?interpret"?eval>
${key}.toString(): <@b />
</li>
</#list>
hint for LAB 6