💜 _{Hit ‘reply’ to send me a message or give me feedback!}

Hello Friends,

Security awareness month is coming soon and I am already booking dates to give talks this October. This year I would like to offer something a little different; if you work at a company that has 100 developers or more, and you are on the market for a new static analysis tool, a secret scanner, or a software composition analysis tool, I would be happy to trade my time for yours. If you will sit down with the Semgrep sales team to discuss your needs and see if they can help, I will give a free security awareness talk (virtually) for your company (can be during, before, or after October). You do not have to buy anything from Semgrep, you just have to give them a chance to it pitch you. If you don’t want to sit down with the sales team that is cool too, I am always for hire. :-D

More: I am going to be at Black Hat, SquadCon, and Def Con (AppSec Village) this year, and am wondering if anyone would like to invite me to be on a panel, do a book signing, speak at a side event, or something else? If so, I am very open! Let me know.

Even more: I made a new game: Cards Against AppSec. Come play it with me in Vegas August 7th!

Lastly, as a sponsor of Loco Moco Sec I have a free ticket to give away! You need to cover your own travel and accomodations, but a free ticket can save you quite a bit of $. To get it, be the first to reponse to this email and tell me you want it. Note: if you take the ticket and then do not go, I will be disappointed in you. Just like your mom when you were a teenager: I’m not mad, I’m just disappointed. 😛 Seriously, only ask for the ticket if you will use it please. July 17-18 in Kaua'i, Hawai'i, USA

PS I’m on vacation for over half the month of July, working on my upcoming book. Please send me good writing vibes.

PPS I am overwhelmed and proud to tell you my first book, Alice and Bob Learn Application Security, was named the #1 book for software security testing…. Of all time. Ummm, wow! I did not see that coming. Thank you Book Authority!

New Content!

• I was on the Application Paranoia Podcast!

• Threat Modelling for Developers with Adam Shostack, Izar Tarandach, Matthew J. Coles for the OWASP Foundation.

• You should be using AI for AppSec, a fireside chat with myself and Mo Sadek

• The Modern Security Podcast Yes, another podcast with meeeee

• Absolute AppSec Podcast with Ken and Seth!

• Hacker Valley Studios: Smashing Things is Fun

• No Password Required Podcast: Education Lead at Semgrep and Former Czar for Canada’s Election Security

• I spoke at DevOpsDays Ukraine, with a very condensed version of my DevSecOps Worst Practices talk, in case you want to see a 40 minute presentation broken down into 8 minutes. :-D

Events!

• July 16th, Semgrep Community presents a virtual panel: Collaborating with Development Teams: How to Successfully Implement and Enforce Secure Guardrails: Note, I’m not on the panel, I’m just organizing it.

• July 30th, The Rules, a new, live, virtual, monthly Semgrep rule writing session with yours truly and Kyle Kelly

• August 7th, Cards Against AppSec, Live in Vegas! Join Semgrep Community for a new game I made for a hilariously good time! Food and beverages are free!

• August 8th, Black Hat Community (morning) - I got rejected for the main conference, but the community folks reached out and I will be on a Security Champions Panel with Dustin Lehr and others!

• August 8th, SquadCon with Black Girls Hack! (Afternoon)

• August 20th, virtual, Semgrep Community presents a panel “Best Practices and Innovations in Software Supply Chain Security“

• August 20th, virtual, Semgrep Community presents a panel “Best Practices and Innovations in Software Supply Chain Security“ Virtual

• September 20th: B-sides Vancouver Island, my hometown conference! Come hang out with me, Semgrep Community, and all the amazing B-Sides folks. Tickets are $50, a total steal. PS I’m speaking too!

• Sept 23 & 24, I’m speaking at B-Sides Edmonton, in Edmonton Alberta!

• Sept 26 & 27 attending OWASP Global AppSec in SF. I’ve applied to speak, not sure if I got in or not. I’m also planning a ladies coffee event, watch out for the invite here!

• October 24-25 2024, Austin, Texas, USA, Lascon, I’m excited to announce that I will be the keynote and the other keynote is HD Moore!

• November 7, 2024, online, The Elephant in AppSec Conference

• January 20-23, 2025 NDC Security in Oslo, Norway - That’s right, I’m coming to Europe!!!! Email me if I will be close and I will see if I can visit your city!

• January 2025 (event confirmed, date still in the air): OWASP LONDON!

Random Topics Go Here

I was in a book, with 96 other amazing humans! "97 Things Every Application Security Professional Should Know" written by Reet Kaur and Yabing Wang. I wrote about the difference between first and second generation SAST and how to choose a good one. I hope you find it helpful!

We end with a meme.