  1. Absolute AppSec Episode #104

    I was invited back to the Absolute AppSec podcast to discuss how security can embed within engineering teams. We discussed how to plan a successful embed within another team as well as various authentication-related topics including SSO, JWTs, and SCIM. …


  2. A Conversation With Leif Dreizler About Security Engineering at Segment

    I join Unsupervised Learning’s host, Daniel Miessler, to chat about how the Segment Security Org is structured and what the Security Engineering Team is focused on. We discussed our team’s ‘Security Metrics’ project and our thought process around embedding within software engineering teams to build security-centric services and features, like Authentication. …


  3. How We Run Our Bug Bounty Program at Segment

    This blog breaks down how to start and manage a bug bounty program, consistently achieve good results, and maintain healthy relationships with the people that power the program. …


  4. Episode #40: Where Engineering Meets Security

    In this episode we’re joined by Leif Dreizler, Senior Application Security Engineer at Segment. Although his specialization in AppSec started in security consulting during his senior year of college, his background has helped him embed security into engineering. Leif joined the podcast to discuss his journey into AppSec, his observations about the industry, and his recommendations for entering the field. …


  5. Helping Customers Secure Their Accounts

    This blog discusses how the Segment Security Engineering Team approaches security and building software. It also talks about how we built 2FA and our password strength meter. …


  6. The Secure Developer Episode #33

    In Episode 33 of The Secure Developer, Guy is joined by Leif Dreizler and Eric Ellett of Segment. They discuss motivating security teams, the importance of investing time in your business relationships, and the long-term rewards of proper security training. …


  7. A Good First Impression Can Work Wonders: Creating AppSec Training That Developers Love

    Good vulnerability response practices are critical to software security. But good vulnerability response practices work even better on software built with security in mind. …


  8. Working with Developers for Fun and Progress

    Forging a strong relationship with developers is an essential part of creating an impactful AppSec program. Without it, your team will have little idea what’s going on and will have trouble getting bugs fixed and features shipped. Segment has built strong ties to developers using our competition-based training featuring Burp Suite and OWASP Juice Shop, partnership during implementation of tooling, and contributions to the existing codebase. This presentation is chock full of practical examples and references that attendees can bring back to their organization. …


  9. Absolute AppSec Episode #42

    Members of Segment’s security and engineering teams appeared on the Absolute AppSec podcast to discuss product security features, SSRF mitigations, developer training, and our approach to building a security program. …


  10. Year[0]: AppSec at a Startup

    Have you wanted to be on the application security team at a startup, but were worried about having an employer that can’t figure out how to monetize its user base, being compensated in potentially worthless stock options, or discovering your company’s business model is based on selling a $400 juicer and expensive juice packets that could actually be squeezed by hand? If so, then this talk is for you! From the safety of the audience you’ll hear about the first year of an appsec program at a tech startup. We’ll cover how to win over the hearts and minds of your developers, useful tooling/automation, and other topics to rapidly improve the security of a growing SaaS startup. …