Recorded April 29, 2019 at G-Unit Studios in Rhode Island!
- John Strand will be teaching Active Defense and Cyber Deception at Black Hat 2019. Please register!
- We just released our 2019 Security Weekly 25 Index Survey. Please go to securityweekly.com and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.
Interview: Larry Maccherone, Comcast
Prior to joining Comcast, Larry served as Principal for his namesake consulting firm where he worked with clients like IBM, Adobe, Oracle, USAA, and Intuit. Before branching out on his own, he became an internationally-recognized author and speaker on agile cultural transformations and published the largest ever study quantifying the impact of agile development practices while serving as the Director of Analytics and Research for Rally Software (now part of CA). Prior to that, he served as Executive Director for Carnegie Mellon's Cylab, where he teamed up with Gary McGraw and Noopur Davis to lead the launch of the DHS' Build-Security-In initiative. He has also served as Principal Investigator for the NSA's Code Assessment Methodology Project, on the Advisory Board for IARPA's STONESOUP program, and as the Department of Energy's Los Alamos National Labs Fellow.
Larry currently sees a huge opportunity for the concepts he helped develop with Build-Security-In a decade ago to finally take hold with the recent emergence of DevOps, which he thinks of as a natural successor to agile development because it further breaks down silos. As such, he characterizes DevOps as empowered development teams taking ownership of how their product behaves in production. He is currently applying the agile transformation techniques he previously quantified to spread DevOps and DevSecOps through large organizations.
Larry firmly believes in learning by doing, so in his spare time he is the author of several open source projects that get hundreds of downloads a month, and one, node-localstorage, that gets over 300,000 downloads a month.
Bugs, Breaches, and More!
- Software update gums up fingerprints, which can be hard to keep in order
- Credentials and convenience in IOT
- A counterproductive security practice expires thanks to well-considered guidelines
- Docker Hub breach response
- A path to hacking Ruby Gems
If you build it, they will come
Learning & Tools
Food for Thought