 
A Practical Look at AI
In this post, I try to look past the hype or doom around AI and look into what useful results can be obtained through AI, and where I think the technology can realistically go.
 
At some point, we will all have to leave an organization. It might be a company, a nonprofit, an extracurricular, or something else. A lot of people, including myself, get very emotionally invested in the work we do. Leaving is almost always hard. What is even harder is leaving with
Software engineering is in a rough spot right now. Cybersecurity has made it through largely unscathed. However, the industry should learn from this and align with investor interests to bring long-term stability.
💡 The following content is opinion. All views expressed are my own and do not represent the views or policies of my employer, past or present, or any other organization with which I may be affiliated. Read all disclaimers at beave.rs/disclaimer Last year, I developed a five-year plan for
The goal of application security is consistently bug-free code. Open Source may be the way to reach that goal.
Securing Open Source Software: FOSS Research Project.pdf (2 MB). This is a presentation that I gave as part of my class on Humanitarian Free and Open Source Software (HFOSS) about tools and techniques that FOSS maintainers can use to secure their projects. I began my presentation by talking about Log4J. Log4J
 
Slides: Quality Engineering AppSec.pdf (15 MB). What does it take to have a successful SDLC program? In this talk, I step beyond the policy, and share my experiences turning a failing software development team into one that was both fast and
 
👋 Hello! I am going to be speaking on a panel at All Things Open. More info will be released soon. Panel: Open Source Compliance & Security, OSI Track, Tuesday Oct 17 @ 1:30 PM - 2:15 PM
 
StackOverflow and GitHub Copilot have made untrusted code rampant in production applications. A focus on services will help mitigate the risks and enhance security.
Application Security (AppSec) teams should strive to adopt a service-oriented model, leveraging API proxies to deliver security across stacks.
⚠️ This article is solely my analysis of the policy, and is not legal advice. The Securities and Exchange Commission recently released new policies for Cybersecurity disclosure. My RSS feeds went ablaze with different hypotheses on how this will play out, and there is a lot of fear about how regulations
I enjoy understanding and analyzing issues in-depth, both for the security industry and more broadly. I do some individual stock picking in my free time, mostly as a relatively low-stakes way to perform research on different companies and I enjoy the research process. I have decided that I want to
Career
How will AI impact jobs? Will AI impact my job? In this post, I look to the past for guidance on how AI may impact the future of labor.
Career
In this article, I cover some of my tips for making a good impression during an internship.
 
Cellular
In this presentation, I explore how Authentication and Authorization take place on LTE Cellular Networks, as well as AS and NAS cryptography.
FOSS
Git: https://github.com/miekg/dns Introduction History/Purpose/Goals Miekg/dns is a Go library to simplify the development of DNS servers and clients in Golang. It is used by many high-profile companies including Cloudflare, Baidu, Slack, and Hashicorp. First Commit/Most Recent Commit The most recent commit was
FOSS
Site: https://svelte.dev Discord: https://svelte.dev/chat Git: https://github.com/sveltejs/svelte Introduction History/Purpose/Goals Svelte is a JavaScript compiler that turns Svelte syntax into frontend JavaScript. It aims to be substantially smaller and more efficient than other frontend libraries like React or Vue, achieving this
FOSS
In this post, I analyze "The Future For Open Source" by Adrian Bridgwater, published in Forbes.
 
RIT HFOSS
The ASP.NET Core project is a part of Microsoft's transition to Open Source. In this post, I analyze the framework and its viability as a FOSS project.
FOSS
As part of my HFOSS course, I analyze a rebuttal to the Hippocratic License. The license aims to add ethical conditions to software licensing.
Career
Getting a job is difficult. Getting a first job is even more difficult. In this article, I share tips to get hired in cybersecurity.
Events
Operating Systems offer unique insights into how to write complex software securely. In this presentation, I look at how different security-focused operating systems approach security, and take a look at what their approaches mean for security students.
Key Takeaways
* Adhering to good software development practices reduces risk
* Reducing complexity and
Events
This week, we investigate how the world wide web works, and how you can both attack and defend websites.
Key Takeaways
* Trust and validate inputs on the Trust Zone Border
* Use CORS policies to mitigate many common types of attacks
Disclaimer This presentation and page are subject to the
Events
95% of cyber attacks involve user error. How can we break resistance and drive meaningful long-term change?
Key Takeaways
* By separating changes into small steps, we can make resistance more difficult and change more meaningful
Sources https://www.weforum.org/reports/global-risks-report-2022
Disclaimer This presentation and page are subject