Blog

Filtering on: Strategy

  • It’s a Trap! Avoiding the Security Budget Trap.

    Strategy

    Mouse trap

  • Equifax: What’s the Score

    Application security Strategy

    Scoreboard

  • What is Security Engineering?

    Strategy

    Security Engineer is an interesting title.  Across our customers, it has different meanings to different people.  At one end of the spectrum, it is a synonym for a security analyst, which we think of as a skilled resource focused on a very specific portion of security – maybe monitoring the SIEM, maybe running static analysis, maybe feet on the ground doing vulnerability management.  At the other end of the spectrum, security engineering is software engineering around security related features.

  • Software Security Insurance

    Strategy

    Last week a well established application security company (that I respect) published availability of a $1,000,000 insurance policy for breach related costs related to applications it provides security source code review for.  I assume that the idea is that the review has more value if it has some financial assurance behind it.  Some folks who are cornerstones of the application security community, like Jeremiah Grossman, voiced strong support.

  • AppSec Qualifications

    Strategy

    At Jemurai, we often find ourselves in situations where a company wants to build their own application security program but doesn’t really know how.  That’s a common and very understandable problem given the trends in the industry (increasing focus on app security) and the inherent complexity of doing application security well.  We take great pride teaching and coaching organizations such as these to build successful programs.  Inevitably there comes a point where they want to hire someone to “run AppSec.”  Often, we’ll be asked for feedback on resumes or about candidates.  This happens often enough that I wanted to take a minute and write down some of the things we’ve learned and how we approach situations such as these.

  • 2017 Strategies

    Strategy

    As we have worked with clients in the back half of 2016, we have started to help them think about their 2017 strategies.  There are a couple of major themes we see again and again that are interesting.

Want to stay up to date with the lastest from Jemurai?

Sign up for our monthly newsletter!