- Scaling your security programme with Security Champions.
- Scaling AppSec through Scorecards.
- Shifting down, not just left.
- Shifting to runtime.
- Reducing noise, prioritising what matters.
- Eliminating bug classes at scale. Stop Firefighting.
- Adopting browser security features at scale.
- Building paved roads – with guardrails along the way.
Maybe it’s just the talks I’ve attended and articles I read. Maybe it’s just my rabbit hole that I went into. Or maybe… we’re all collectively realising the same thing.
I hit a wall. At the end of 2024, I went all-in on automation. I built MVPs, tested capabilities, and made it my mission to influence others to do the same.
Now, halfway through 2025, my mission has become:
-> Building platform security.
-> Providing paved roads.
-> Enabling teams to go faster, safely.
I had created some workshop content for my own organisation, Sage, to make an impact on how we work. And it’s great to see that the proactive material I created for Sage is now going to make an impact outside of Sage.
Influenced by the Security Signals paper from the team at Google, I created hands-on workshop content to create a room where engineers and security specialists can not only test out proactive browser security features, but also identify and discuss all the challenges that have to be faced in doing so (large-scale adoption, centralised, modern vs legacy apps, refactoring).
I am super excited to say that I will have the chance to talk about this more this year.
Agenda for Hacker Summer School 2025:
- XSS is dead – Browser Security Features that Eliminate Bug Classes – Talk at BSidesLV
- Eliminating Bug Classes at Scale: Leveraging Browser Features for Proactive Defense – Workshop at DEF CON 33
More details will be provided soon, once links are up for signup / once the schedule is live.