Credit: Daniel Cheung @ Unsplash
After working in the application security consulting industry for nearly two decades and helping to solve my clients’ most difficult challenges, it was time to put what I used to tell others into practice. These are my lessons from the first 100 days. I’ve created security teams and bug bounty programs, set up tooling strategies, hiring plans, and more. I thought I’d hit the ground running and start making an impact on day 1, or at least by day 99. While I made some impact early, I had a lot to learn. As I passed my 100th day I learned so much about what makes a successful product and a successful product security team. In this article I’ll walk you through the successes, challenges, and failures I’ve faced in my transition from seasoned security vendor to Senior Director of Product Security at Highspot.
Credit: Joe Basirico
Last week I published a post introducing three important phases of AppSec Engineering: Awareness, Enablement, and Enforcement. Over the next three posts I will dive into each of these topics to share best practices and guidelines you can roll out to optimize your security engineering practice. In my experience, the best AppSec programs start with AppSec awareness training. The goal is to provide your product team with enough information to know when they need security involvement. That’s a broad statement, so let’s break it down. This is part of a series.
Credit: Joe Basirico
In order for an AppSec team to collaborate effectively with development teams, they should think in three phases: Awareness, Enablement, and Enforcement. This month I’ll be dedicating an article to each. The focus of these articles will be on the critically important area of application security, focused on the roles involved in building software: developers (DevOps), testers, and architects. This is part of a series.