Free Lunch!

A while ago I heard some folks, who work in another company's HR team, discuss the idea of giving their "employees" more insight into their actual cost to the company. It got me thinking about the value of companies providing their people with free lunches in particular ...
Why I started doing this blog

I have wanted to write down my learnings ever since I started my professional career about 4 years ago. I never got around to doing it, partially because I was (and am) of the opinion that my insights aren’t necessarily new insights or help move the bar. Now, that opinion hasn’t ...
Building a Security Program: Start Small

Your Security Team is trying to build tooling, awareness campaigns or processes to improve the security posture of your organization and its products. How often does one of your projects or products fail or not have the impact you were hoping for? ...
Security User Stories suck, here’s Why – Product Security in Agile Organizations: part 3

A year or two ago a teammate made me aware of a thing called “Security User Stories”. I’ve never felt that these Security User Stories are quite right. I now have the strong opinion that this implementation is very flawed and not Agile at all ...
People are not resources

I don't like it when leaders refer to the people they're supposed to grow and manage as "resources". Here's why ...
Product Security in Agile Organizations: part 2 – Gemba || The Real Place

How do you figure out what to work on and how your Security solutions should work? Practice Gemba, or Go See, with your development teams ...
Product Security in Agile Organizations: part 1 – Empowering Teams

So you’re part of the security team in an Agile organization? The development teams ship new or updated code and infrastructure at least once every month, and up to several hundred times a day. Automation can solve or highlight a large number of potential security considerations, but maybe an ...