Ray

I decided that I am going to fully support this initiative because why not.

So the dev managers want 24 hour SLAs for critical vulns. Does anyone else think this is insane?

Wait for my next blog post "A Theorycrafter's guide to Min/Maxing your AppSec program"

Also I call dibs on the appsec talk entitled "Min/Max your AppSec program"

Note: there is nothing wrong with theory crafting. I think it would just be nice to know

I think all AppSec talks need to specify if the topic is actually things you do or if it is just theorycrafting.

I need to go work at whatever company is doing this. All I see are underfunded appsec programs out there.https://twitter.com/malcomvetter/status/1222399487467053056 …

My new favorite quote, it speaks to me "Everything in the world displeases me: but, above all, my displeasure in everything displeases me."

So this year I decided to blog more, give talks, do podcasts and such. I usually just make stuff up tho, be prepared.

Apparently I am giving a class on threat modeling in Feb. Should be fun or at least a close approximation. https://twitter.com/PortlandOWASP/status/1221671659083464706 …

The money part is super important because if they didn't pay me I would go back to being a meh level developer

I decided on my new bio for talks and stuff, let me know what you think. "Ray is a Life Coach and Conspiracy Theorist. He does Application Security in his non-spare time for money."

In the grim darkness of the far future, there is only AppSec. Everything is code. And everything is vulnerable.

It was DNS...

This was suppose to say bug. But you know.

I told him that this is a security feature not a big. Haha.

Things I never thought I would be doing as an AppSec engineer: helping a dev figure out why sessionStorage is getting cleared in his react app. Somehow because it is sessionStorage appsec should be involved.