1. Share the spotlight: Creating a culture where everyone shares their work

    This blog is all about creating a culture of community involvement within your team or organization at work. …


  2. The InfoSec community needs you (yes, you)!

    This blog provides guidance on how to get started with blogging and presenting in the InfoSec community. The InfoSec community needs new speakers, and that could be you! …


  3. Tracking Meaningful Security Product Metrics

    The right metrics empower teams to communicate cross-functionally, and help educate other departments about what’s important and how things are getting better (or worse) over time. As a security leader you may also be able to show new metrics that demonstrate that your organization is not only mitigating risk, but also helping drive sales. This will make your security org quite a bit more popular with go-to-market folks and business-minded engineering leaders. This type of thinking helps you break people out of the “security is a cost center” mindset. Demonstrating that you’re helping the company’s top line helps get you more funding for next year or, in today’s economy, protect what you already have. …


  4. An Unlikely Friendship: Why Security Engineers and Product Managers Should Be Working Together

    Have you had trouble getting security features prioritized by product teams? Learn to expand your technical toolkit by harnessing the power of product managers to evangelize a security-focused roadmap, accelerate your team’s vision and growth, and unlock revenue from security-conscious customers. …


  5. Shifting Engineering Right: What security engineers can learn from DevSecOps

    The security industry generally agrees on the value of enabling developers in an agile environment—although we don’t agree on what to call it… “Shifting Left,” “Creating a Paved Path,” “DevSecOps.” Regardless of the name, we tend to focus on teaching developers how to Sec, but there’s less focus on security engineers learning how to Dev. This article will focus on how to create a meaningful partnership between security and software engineers. …


  6. Software Security Gurus #16

    I was invited back to the Absolute AppSec podcast to discuss how security can embed within engineering teams. We discussed how to plan a successful embed within another team as well as various authentication-related topics including SSO, JWTs, and SCIM. …


  7. Absolute AppSec Episode #104

    I was invited back to the Absolute AppSec podcast to discuss how security can embed within engineering teams. We discussed how to plan a successful embed within another team as well as various authentication-related topics including SSO, JWTs, and SCIM. …


  8. A Conversation With Leif Dreizler About Security Engineering at Segment

    I join Unsupervised Learning’s host, Daniel Miessler, to chat about how the Segment Security Org is structured and what the Security Engineering Team is focused on. We discussed our team’s ‘Security Metrics’ project and our thought process around embedding within software engineering teams to build security-centric services and features, like Authentication. …


  9. How We Run Our Bug Bounty Program at Segment

    This blog breaks down how to start and manage a bug bounty program, consistently achieve good results, and maintain healthy relationships with the people that power the program. …


  10. Humans of InfoSec Episode #40: Where Engineering Meets Security

    In this episode we’re joined by Leif Dreizler, Senior Application Security Engineer at Segment. Although his specialization in AppSec started in security consulting during his senior year of college, his background has helped him embed security into engineering. Leif joined the podcast to discuss his journey into AppSec, his observations about the industry, and his recommendations for entering the field. …