Twubhubbook - it's like appsec, but for startups (without notes)


Neil Matatall

January 24, 2017

Transcript

  1. IT’S LIKE APPSEC, BUT FOR STARTUPS. TWUBHUBOOK
  2. Brent Johnson. Originally from the bay, Brent spends his time doing all the fun things LA has to offer while he longs for the days when he can move back home. Finally has a twitter account. a.k.a. @brentjo on GitHub, @gsmbj on twitter. TROJAN. BOUNTY TRIAGE EXPERT. BUSINESS LOGIC FLAWS ARE HIS FRIEND.
  3. Neil “oreoshake” Matatall. I like dog. Twitter: @ndm. ASPIRING PARK RANGER. DOES NOT LIKE COMPUTERS.
  4. WHAT’S A TWUBHUBBOOK. Greenfield: In many disciplines a greenfield project is one that lacks constraints imposed by prior work. The analogy is to that of construction on greenfield land where there is no need to work within the constraints of existing buildings or infrastructure. - Wikipedia
  5. WHAT’S A TWUBHUBBOOK, CONT’D. Young application: Think pre-pre-pre-pre-pre-IPO.
  6. WHAT’S A TWUBHUBBOOK, CONT’D. Mature application.
  7. DAY ONE ON THE JOB. The Future: 2025. Oddly, the mannequin challenge is still even in 2025.
  8. 2 4 | Agree on acceptable technology | Always stay current | Review architecture | Code review culture
  9. 4 | Agree on acceptable technology | Always stay current | Review architecture | Code review culture
  10. 4 | Agree on acceptable technology | Always stay current | Review architecture | Code review culture
  11. | Agree on acceptable technology | Always stay current | Review architecture | Code review culture
  12. BE IN THE BUSINESS OF PREVENTION. SECURITY DOES NOT HAVE TIME TO FIX OR FIND BUGS
  13. What have we accomplished?
  14. WEEK 2 ON THE JOB. Building a healthy culture
  15. WE’RE HERE TO SAY “BE CAREFUL”. SECURITY IS NOT HERE TO SAY “NO”
  16. Twubhubbook hits its first milestone: 1,000,000 MAUS
  17. What have we accomplished?
  18. The game has changed, strategies must be updated. PROCESSES MUST SCALE. CULTURE MUST STAY STRONG. FLEXIBILITY IS IMPORTANT.
  19. “The incident”. FOCUS ON LEARNING. “I TOLD YOU SO” IS FORBIDDEN.
  20. What have we accomplished?
  21. DAY ??? OF ???. The security team grows. Mommy, wow! I’m a big kid now.
  22. | FRAMEWORK HARDENING 2 4 3 1 | COLLAB WITH STANDARDS BODIES | SHARED RESPONSIBILITY
  23. The bug bounty turns 3! MORE BUGS, BIGGER BOUNTIES
  24. Pre-IPO. HOLD ON FOR YOUR ASSES. PERHAPS TAKE UP MEDITATION
  25. Stack Diversifies. I HEARD YOU HAD TO WRITE A FIFO CACHE IN COLLEGE — CAN YOU REVIEW THIS MIPS CODE OUR CORE BUSINESS OPS NOW DEPEND ON?
  26. Development stack consolidates. DON’T BUDGE ON SECURE BY DEFAULT, HARDEN THE FRAMEWORK, DESIGN SERVICES SECURELY.
  27. Beyond basic appsec. TESTS FOR EVERYTHING. ROLES FOR EVERYONE.
  28. The IPO. engineer = Twubhubbook.appsec_team.first; engineer.company = BayArea.startups.next;
  29. Further Reading. “STARTING UP SECURITY” - RYAN MCGEEHAN, https://medium.com/starting-up-security. “THE SAAS CTO SECURITY CHECKLIST” - SQREEN, http://cto-security-checklist.sqreen.io/
  30. Loco Moco Security Conference. KAILUA KONA, HAWAI’I, APRIL 2018. LOCOMOCOSEC.COM @LOCOMOCOSEC