-
The Application Security Podcast: Tactical tips to shift engineering right
I was invited onto the AppSec Weekly Podcast to talk about my recent blog post, Shifting Engineering Right: What Security Engineers Can Learn From DevSecOps. …
-
AppSec Weekly Episode #146: Shifting Engineering Right: What Security Engineers Can Learn From DevSecOps
I was invited onto the AppSec Weekly Podcast to talk about my recent blog post, Shifting Engineering Right: What Security Engineers Can Learn From DevSecOps. …
-
Shifting Engineering Right: What security engineers can learn from DevSecOps
The security industry generally agrees on the value of enabling developers in an agile environment—although we don’t agree on what to call it… “Shifting Left,” “Creating a Paved Path,” “DevSecOps.” Regardless of the name, we tend to focus on teaching developers how to Sec, but there’s less focus on security engineers learning how to Dev. This article will focus on how to create a meaningful partnership between security and software engineers. …
-
Software Security Gurus #16
I was invited back to the Absolute AppSec podcast to discuss how security can embed within engineering teams. We discussed how to plan a successful embed within another team as well as various authentication-related topics including SSO, JWTs, and SCIM. …
-
Absolute AppSec Episode #104
I was invited back to the Absolute AppSec podcast to discuss how security can embed within engineering teams. We discussed how to plan a successful embed within another team as well as various authentication-related topics including SSO, JWTs, and SCIM. …
-
A Conversation With Leif Dreizler About Security Engineering at Segment
I join Unsupervised Learning’s host, Daniel Miessler, to chat about how the Segment Security Org is structured and what the Security Engineering Team is focused on. We discussed our team’s ‘Security Metrics’ project and our thought process around embedding within software engineering teams to build security centric services and features, like Authentication. …
-
How We Run Our Bug Bounty Program at Segment
This blog breaks down how to start and manage a bug bounty program, consistently achieve good results, and maintain healthy relationships with the people that power the program. …
-
Humans of InfoSec Episode #40: Where Engineering Meets Security
In this episode we’re joined by Leif Dreizler, Senior Application Security Engineer at Segment. Although his specialization in AppSec started in security consulting during his senior year of college, his background has helped him embed security into engineering. Leif joined the podcast to discuss his journey into AppSec, his observations about the industry, and his recommendations for entering the field. …
-
Helping Customers Secure Their Accounts
This blog discusses how the Segment Security Engineering Team approaches security and building software. It also talks about how we built 2FA and our password strength meter. …
-
The Secure Developer Episode #33
In Episode 33 of The Secure Developer, Guy is joined by Leif Dreizler and Eric Ellett of Segment. They discuss motivating security teams, the importance of investing time in your business relationships, and the longterm rewards of proper security training. …