_{The time has come, as promised, I moved my newsletter to beehiiv. I hope that I did not ​not end up in your spam, and that you don’t mind the new format.} ❤️ _{Hit ‘reply’ to give me feedback!}

Hey there,

I want to chat with you about something that's near and dear to my heart: security champion programs. These developer gems are like the superheroes of the security world. They play a crucial role in promoting a strong security culture within organizations and ensuring that everyone is equipped with the knowledge and skills to ward off those pesky hackers. But here's the thing – I need your help to make them even better.

That's right, I’m on a mission to gather insights from individuals like you who have experience with security champion programs. You've been in the trenches, fighting the good fight, and we want to tap into that brain of yours. Why? Because your expertise can shape the future of these programs and help organizations level up their security practices.

So here's the deal: I kindly requesting your participation in a short survey.

Now, let me get personal for a moment. I've seen the impact that effective security champion programs can have, and it's pretty darn impressive. That's why your input is so valuable. Your experiences, insights, and witty anecdotes (if you're feeling up to it) will help me create valuable resources that empower organizations to establish robust security practices. Here's your chance to be a hero in the security world, and who wouldn't want to be a hero?

I want to say a huge thank you in advance for your time and willingness to share.

THE SURVEY

New Content!

• DevSecOps: More Than Just Pipelines | Tanya Janca | Conf42 DevSecOps 2023

• A Refreshing Take on DevSecOps: My Insights from Tanya Janca's OWASP London Talk

• Maturing Your Threat Modeling Skills with Adam Shostack (video below)

• The Cross Site Scripting Vulnerability (XSS), simplified.

Events!

• February 29, ASPM Nation online panel event: Friction to Fusion: ‘Hacking’ Harmony Between Security & Developers with awesome co-panelists like James Berthoty (more deets below)

• March 26, Semgrep Community is hosting the AMAZING Confidence Staveley of API Kitchen, to talk about securing APIs Click here to attend.

• April 11, Semgrep Community Panel: Building a Successful Security Champions Program: What Does it Take? with guests Chris Romeo, Dustin Lehr, Devin Rudnicki, and Ray Leblanc. Sign up here.

• April 25, Semgrep Community Panel: Software Supply Chain Security; More Than Just Dependencies with guests Cassie Crossley, Allan Freedman, Wolfgang Goerlich, and host Misha Yalavarthy. Sign up here.

• May 7, I will be giving a talk with Scott Helme at RSAC in San Francisco

Deets for ASPM Nation, presented by Cycode February 29th. 
You're invited to join me virtually for the panel discussion "Friction to Fusion: 'Hacking' Harmony Between Security & Developers". Let me introduce you to some mighty impressive speakers who will be joining us. We've got experts from EY and PagerDuty, bringing their A-game to the panel. These folks know their stuff, and they're ready to drop some serious knowledge bombs on application security. Get ready to have your mind blown!

Sign up here, for freeeeee.

Random Topics Go Here

Work with me? Semgrep is hiring an Events Marketing Manager, local to San Francisco (no remote, local only). Check it out here. 

A love story instead of a meme.

Let’s finish off this newsletter with a love story, courtesy of Clint Gibler of TL;DR SEC, instead of a meme!