During my last week at SEEK, the team and I managed to get Listo open-sourced, a project I have been working on for a while (with the help of a small, talented team of engineers from around the org) that was inspired by goSDL and uses questionnaires and checklists to make it easy for engineers to do the right thing regarding the software they build. The blog post with more information can be found below :)
My 5 Year Journey at SEEK
07 Feb 2020
After almost 5 years it’s hard to accept that Friday was my last day at SEEK…
Absolute AppSec Ep 63 - Developer Education, RFC's and Checklists
03 Jul 2019
I was invited onto the Absolute AppSec Podcast today, where I was lucky enough to chat to Seth and Ken about the different types of developer education we use at SEEK, how to build a security culture, a different approach to standards via the Riot Games RFC concept, goSDL checklists, AppSec Day talks and more!
Four Years of Reflection - How (Not) To Secure Web Applications - DevSecCon | DevOps Talks | OWASP Melbourne 2019
05 Jun 2019
I recently presented a talk at DevSecCon Singapore, DevOps Talks Conference and at a joint security Meetup on some of the security highlights and lessons learnt from the last 4 years at SEEK.
Announcing SEEK's Public Bug Bounty Program
29 Jan 2019
I was lucky enough to be a part of SEEK’s three-year bug bounty journey. This year we announced our public program, which is open to all researchers instead of being invite-only. I wrote up a short piece for the announcement on the SEEK tech blog, which has some stats about our program to date that might be of interest :)
A Comprehensive Guide to Running a Bug Bounty Program
01 Jan 2019
With the Year-of-the-Breach behind us (I feel like we say that every year), it’s important for businesses with publicly available assets storing sensitive data (websites, services, infrastructure) to set up a process for members of the general public to report security vulnerabilities discovered within their systems and applications…
AppSec Day Conference 2018 - In Review
19 Oct 2018
AppSec Day 2018 conference has finished up for the year and what a ride it has been! This was the third year we have run the AppSec Day conference, doubling in size every year, which has its difficulties but is worth the experience and the reward it brings: receiving mostly positive feedback from attendees and those involved, and the satisfaction of working with a highly passionate team of volunteers who all worked really well together to pull off a successful event. Below are some of the highlights from the day…
Running a Bug Bounty Program at SEEK Jobs - TConf & NDC Sydney 2017
08 Dec 2017
I recently spoke at NDC Sydney 2017 and TConf 2017, Australian developer and tester conferences, about how bug bounty programs can be a great control to reduce security issues within web and mobile applications.
It covered how to run a bug bounty program, their pros and cons, and an update on seek.com.au’s program, including a show and tell of a few recent bugs that have been reported…
Delivering an Application Security Training Course
01 Oct 2017
The goal of a web application security training program is to raise security awareness and teach technical teams about security concepts, so that security issues are less likely to turn up in production code…
Tackling Security Culture and Awareness
01 Sep 2017
Software development companies are starting to realise that, to innovate, stay relevant and compete, they need to adopt a different culture that enables them to develop and release software faster and attract talent…