June 11, 2022

Sandboxing Code Execution

Sandboxing code execution interfaces One of the values that you need to embrace as a security engineer is pragmatism. Security isn't a zero-sum game and a security is…

June 7, 2022

Threat Modeling Modern Applications - An Interview Guide

After recently completing a few interview loops for Security Engineer roles, one common requirement between different organizations is a round based on threat modeling or…

March 5, 2022

Building Custom Detection Signatures - Part 1 (SAST)

Running an application security program involves the use of many detection tools, often with thousands of signatures each. The abundance of tooling and rapid pace of CVEs…