Security Journey Blog

Security Culture Security Journey News

Dec 19, 2022

[Security Boulevard] Moving Beyond Security Awareness to Security Education

This article was written by Sue Poremba for Security Boulevard. While security awareness training is helpful to assist employees in recognizing threats, phishing and social engineering attacks are successful enough that it is clear that awareness training alone isn’t enough.

Read More - [Security Boulevard] Moving Beyond Security Awareness to Security Education

Security Culture Security Journey News

Oct 31, 2022

[Dark Reading] Does Security Have to Get Worse Before It Gets Better?

This article was written by Amy Baker for Dark Reading. How to solve the software vulnerability problem across the entire SDLC.

Read More - [Dark Reading] Does Security Have to Get Worse Before It Gets Better?

Security Culture Security Journey News

Oct 25, 2022

[Dark Reading] Security Leaders are Calling for Industry to Take Action and Programmatically Improve Secure Coding Education

This article was posted on Dark Reading. Currently, none of the top 50 undergraduate computer science programs in the U.S. require a course in code or application security.

Read More - [Dark Reading] Security Leaders are Calling for Industry to Take Action and Programmatically Improve Secure Coding Education

Security Culture Security Journey News

Sep 2, 2022

[Dark Reading] Feds, npm Issue Supply Chain Security Guidance to Avert Another SolarWinds

This article was originally posted on Dark Reading. The US government and the Open Source Security Foundation have released guidance to shore up software supply chain security, and now it's up to developers to act.

Read More - [Dark Reading] Feds, npm Issue Supply Chain Security Guidance to Avert Another SolarWinds

Security Culture

Aug 11, 2022

Create a Security-First Mindset Across the Full SDLC Team

When you think about how to reduce application security risks, training your development team on secure coding strategies is the first thing that comes to mind. And for good reason. Security-minded...

Read More - Create a Security-First Mindset Across the Full SDLC Team

Security Culture

Nov 11, 2021

Explain Sigstore to Me Like I'm Five

If you have paid attention to supply chain security in 2021, you've likely heard a lot about Sigstore.  If you are still not sure exactly what it is, do not worry. We will provide an explanation that even a child can follow.

Read More - Explain Sigstore to Me Like I'm Five

Secure Coding Training Application Security Security Culture

Oct 12, 2021

How do you Train Developers in Secure SDLC Practices?

As the threat environment grows more serious, applications have become a more vulnerable part of the overall attack surface.

Read More - How do you Train Developers in Secure SDLC Practices?

Secure Coding Training Security Culture

Jul 26, 2021

What is a Capture The Flag Event, and How Does It Benefit Developers?

A Capture the Flag event, or CTF for short, is a gamified exercise designed to test cybersecurity skills. The goal of the game, much like in the live-action, outdoor game many of us remember from childhood, is to get the highest score by capturing the most flags. 

Read More - What is a Capture The Flag Event, and How Does It Benefit Developers?

Application Security Security Culture

Jul 8, 2021

How Security Champions Help Improve Application Security

Application security is a major concern for many organizations.  In 2020, over 23,000 new vulnerabilities were discovered and publicly reported in production applications.  On average, a codebase ...

Read More - How Security Champions Help Improve Application Security

Secure Coding Training Application Security Security Culture

Jun 18, 2021

How Secure Coding Training Fits Into The Shift Left Movement

In the past, security was not seen as a priority during the development process. Often, developers would only perform vulnerability scans and security audits as part of the testing phase of the...

Read More - How Secure Coding Training Fits Into The Shift Left Movement

Security Culture

May 24, 2021

How to Put the Threat Modeling Manifesto Into Action

If you have not yet seen the Threat Modeling Manifesto, you’re missing out.

Read More - How to Put the Threat Modeling Manifesto Into Action

Secure Coding Training Application Security Security Culture

Feb 2, 2021

How to Shift Left and Increase Long-Term Efficiency

In software development, issues become more time-consuming and more expensive the longer it takes to find and fix them. Find defects too late in the development cycle, and you could risk a delayed...

Read More - How to Shift Left and Increase Long-Term Efficiency