Learn From AWS Security Expert, Aaron Bedra

Keely Caldwell No Comments

Our Chief Scientist, Aaron Bedra, will be on the road over the next month speaking at a few conferences. Most of his talks will involve around AWS Security and security for developers.

Aaron, a senior level security developer, has worked as a CSO and CTO and is the co-author of Programming Clojure, 2nd and 3rd Edition.  

You can catch Aaron at any of the conferences below:

Sunday, 4/22
Topic: AWS Security Essentials and Adaptive Threat Monitoring


Tuesday, 4/24
Topic: AWS Security Essentials


Thursday, 4/26
Topic: Security and Trust in a Microservice World


Monday, 4/30 (Keynote Speaker)
Topic: Security Skills for Developers


Wednesday, 5/9 (Keynote Speaker)
Topic: The Cost of Complexity


Monday, 5/14
Topic: AWS Security


Friday, 5/18
Topic: AWS: Critical Security Solutions for Developers

Insecure About Your Apps Security?

Keely Caldwell No Comments

Here at Jemurai, we take a human based approach to cybersecurity.

So, what does that mean? Security tools catch some vulnerabilities, but not all of them. For example, tools typically miss vulnerabilities related to business logic and user authorization and authentication. Addressing these vulnerabilities requires embedding security into your software development life cycle and code.

Want to learn more about securing your code?

Our CEO and the chair of OWASP, Matt Konda, is speaking on “3 Vulnerabilities That Security Tools Can’t Catch” at our free webinar on Wednesday, Sept. 13 at 1 pm CT.

This training will be valuable to the staff and leadership of both engineering and security teams.

Get information you can use today to improve the security of your code by signing up here.

You don’t want to miss this!

Predictions Sure To Go Wrong for 2017

Matt Konda No Comments

I don’t have much time to listen to Sports Radio anymore, but I used to love to listen to Mike & Mike on ESPN Radio.  They had a segment called Predictions, Sure to Go Wrong which was clearly their way of having fun making predictions while making fun of themselves and admitting they really had a strong likelihood of being wrong.  In that spirit, I offer these predictions for 2017.

Easy Predictions

Ransomware will continue to explode and countermeasures will evolve.

Phishing and Social attacks will continue to be a common and easy attack vector.

Vendors will continue to sell “Security in a Box” ™ despite the fact that this hasn’t worked for years.  People will continue to buy “Security in a Box” ™ even though they know it doesn’t work well because they don’t have any other options.

Technical debt will continue to grow and realizations about the scope of technical debt will explode.

Security leaders will continue to be underfunded not only because of the asymmetric nature of security but also because they will fail to own up to planning for the wrong adversary for the last few years.  Even substantial increases in budget (eg. 25% increase) will be a pittance compared to what is needed.

Lots of household name companies will get hacked.  Security will continue to be visible in geopolitical sphere.

Harder Predictions

Cloud providers – both at the platform and the security level – will continue to innovate and be able to provide some of the best security solutions available.  Already providing identity, WAF, key management, logging and network controls, automated monitoring and platform level predictive algorithms will advance and become more accessible to common users.

Efforts to build warrantees will fail.  The idea of accountability for software vulnerabilities is well founded.  Its just that software development is so complicated that a clear line of responsibility seems almost impossible to establish.  In cases where it might be, software firms I know would never sign on because they con’t control each and every developer to a level where they can absorb the inevitable breach.

Industry Wide

There will be active growth and consolidation in events, communities and vendors.

There will be emerging certifications for developers around security.

There will be broad training for people to get into security.


Companies will see the need for engineering work specific to security.  Things like the following will be increasingly interesting:

  • Authentication service
  • Authorization service
  • Managing secrets
  • Security automation
  • Application level signal for logs
  • Frameworks for mobile infrastructure

Hiring in 2017

Matt Konda No Comments

In 2017, we will be hiring both governance associates and security engineers / application security specialists.


Our governance team, lead by Rocio Baeza, is looking for people to assist with risk registers, policy, vendor management, and audit preparation work.

Application Security | Security Engineers

The technical consulting team is looking for software developers with security interest or a deep interest in security to help us with projects around security automation, building security components, etc.  For additional detail or to apply, see our job listing.