ckirsch@veracode.com (ckirsch), Author at Security Boulevard
Live from Black Hat: Breaking Brains, Solving Problems with Matt Wixey

Live from Black Hat: Breaking Brains, Solving Problems with Matt Wixey

Solving Puzzles has been a very popular pastime for InfoSec professionals for decades. I couldn???t imagine a DefCon without the badge challenge. At Black Hat 2020 Matt Wixey, Research Lead at PwC UK, didn???t disappoint as he presented on parallels between puzzle-solving and addressing InfoSec problems. Puzzle (and problem) solving ... Read More
Live from Black Hat: Hacking Public Opinion with Renée DiResta 

Live from Black Hat: Hacking Public Opinion with Renée DiResta 

Psychological operations, orツ?PsyOps, is a topic I???ve been interested in for a while. It???s aツ?blend of social engineering and marketing, both passions of mine. That's why I found the keynote byツ?Renテゥeツ?DiResta,ツ?Research Managerツ?at theツ?Stanford Internet Observatory, particularly interesting.ツ? The Internet Makes Spreading Information Cheap & Easyツ? Disinformation and propaganda areツ?oldツ?phenomenaツ?that can ... Read More
Live from Black Hat: Practical Defenses Against Adversarial Machine Learning with Ariel Herbert-Voss

Live from Black Hat: Practical Defenses Against Adversarial Machine Learning with Ariel Herbert-Voss

Adversarial machine learning (ML) is a hot new topic that I now understand much better thanks to this talk at Black Hat USA 2020. Ariel Herbert-Voss, Senior Research Scientist at OpenAI, walked us through the current attack landscape. Her talk clearly outlined how current attacks work and how you can ... Read More
Live from Black Hat: Healthscare – An Insider's Biopsy of Healthcare Application Security with Seth Fogie

Live from Black Hat: Healthscare – An Insider’s Biopsy of Healthcare Application Security with Seth Fogie

Healthcare providers heavily leverage technology.ツ?In his talk, Seth Fogie,ツ?informationツ?security director at Penn Medicine takes apart different vendor systemsツ?at the ???fictitious??? Black Hat Clinic. Fogie gives a lot of examples and drives home the point that you shouldn???t just look at network security ??ヲ you have to dig deep into the ... Read More
Live From Black Hat: Stress-Testing Democracy - Election Integrity During a Global Pandemic with Matt Blaze

Live From Black Hat: Stress-Testing Democracy – Election Integrity During a Global Pandemic with Matt Blaze

Technology and elections are heavily interrelated ??? but it wasn???t always that way. We started to adopt technology once weツ?weren???t able toツ?fit everyone into a town hall. The first piece of technology was simply a piece of paper and a ballot box. We may not think of it asツ?technology,ツ?but the ... Read More
Evaluating and Selecting AppSec Vendors to Fit Your Business Needs

Evaluating and Selecting AppSec Vendors to Fit Your Business Needs

Application security (AppSec) has seen quite an uptick over the last 10 years, with no signs of slowing down. When your organization is ready to tackle the challenge of building a strong AppSec program, you may find yourself wondering where to plug in various tools and solutions ??? and even ... Read More
Veracode AWS reInforce Building an AppSec Program

Live from AWS re:Inforce: Learnings from Security Enablement for DevOps at AT&T

This week, AWS ran its inaugural security conference AWS re:Inforce in Boston. There were several interesting talks at the conference, and I found John Maski’s presentation, “Integrating AppSec in your DevSecOps on AWS,” contained great practical advice. Maski worked for AT&T for 32 years, with his most current role being ... Read More
Live From Gartner Security & Risk Mgmt Summit: Starting an AppSec Program, Part 2

Live From Gartner Security & Risk Mgmt Summit: Starting an AppSec Program, Part 2

This is part two of a two-part blog series on a presentation by Hooper Kincannon, Cyber Security Engineer at Unum Group, on “Secure from the Start: A Case Study on Software Security” at the Gartner Security & Risk Management Summit in National Harbor, MD. In this presentation, Hooper provided a ... Read More
Live From Gartner Security & Risk Mgmt Summit: Starting a Web Application Security Program

Live From Gartner Security & Risk Mgmt Summit: Starting a Web Application Security Program

Bootstrapping an application security program is hard. Technology is only one part of the equation. You need to inventory your applications, get stakeholders on board, and then execute on the holy trinity of people, process, and technology. That’s why I was excited to see Hooper Kincannon, Cyber Security Engineer at ... Read More
Live From Gartner Security & Risk Mgmt Summit: How to Approach Container Security

Live From Gartner Security & Risk Mgmt Summit: How to Approach Container Security

Container security is a topic most security practitioners still find confusing. It’s a new technology that’s spreading fast because of its numbers benefits, and security implications and solutions are evolving just as fast. That’s why I really appreciated Anna Belak’s session “Container Security – From Image Analysis to Network Segmentation” ... Read More