
Tag: conference

Inside my Black Hat USA Trainings: Full Agenda & Hands-On Labs

When designing these trainings, my goal was simple: Create the kind of courses I wish had existed earlier in my own career. Many experienced security practitioners reach a point where basic vulnerability discovery is no longer enough. The real challenge becomes designing systems that prevent entire classes of vulnerabilities from appearing in the first place. 2-Day Core Training Sat, August…


Announcing My Black Hat USA 2026 Trainings

Last year at DEF CON 33, I ran a 4-hour workshop on browser defenses. The response afterwards was incredibly motivating. Many participants told me two things: this was the kind of training they wished had existed earlier in their careers, and the material was so up to date that some of what was discussed was just a few weeks old. Over the following months…


From Conference Energy to Reality: The Story of Alex, Security Culture, and Why It Resonated

You know that feeling after a good conference week. You talk to smart people doing impressive work. You find one or two talks that really hit home. You fly back motivated, notebooks full, head buzzing. For the next two or three months, your energy is back. And sometimes, weeks later, one of those ideas actually turns into a real project.…


From Firefighting to Prevention: Taking Browser-Native Defences to Hacker Summer Camp

Over the past few years, I’ve spent more time than I’d like to admit in the weeds — reviewing reports, fixing recurring bugs, writing guidance that never scales. Like many in AppSec, I’ve asked myself: Why are we still fixing the same bug classes in 2025 that we were in 2015? This frustration was the starting point for something more…


Is it just me – or is 2025 the year of scale?

Maybe it’s just the talks I’ve attended and articles I read. Maybe it’s just my rabbit hole that I went into. Or maybe… we’re all collectively realising the same thing. I hit a wall. At the end of 2024, I went all-in on automation. I built MVPs, tested capabilities, and made it my mission to influence others to do the…


Hacking your not-so-smart doorbell – Home Assistant and Gemini AI

At DEF CON 32, my colleague Andra Lezza and I presented a talk on building and securing LLM applications – particularly chatbots – drawing from our work at Sage. One of the highlights of our talk was a practical proof of concept: a smart home setup using Home-Assistant.io, which we showcased to demonstrate the safety implications and security considerations of AI-integrated applications. In…


Recap of SecTor Security conference

During my time in Toronto, it was not just about the security of LLMs but also a lot about reunions and meeting fantastic people. One story I definitely wanted to share with you: four years ago, in my previous role at EXXETA in Stuttgart, I was mentoring Fabian, an enthusiastic working student. Since then, it’s almost as if fate keeps bringing…


The Dark Side of Large Language Models: Uncovering and Overcoming of Code Vulnerabilities

I had a great time speaking at ThreatCon.io Hacking Conference in beautiful Kathmandu, Nepal. During my talk we discussed the new world of LLM auto-suggested code and its influence on secure coding. One of the key findings I demoed is that while tools like GitHub Copilot can speed things up, they sneak in various vulnerabilities. But we also discussed…


Recap of OWASP AppSec conference

Last month I attended the OWASP Global AppSec conference in San Francisco. The OWASP conference focuses exclusively on application security, and that’s what I liked about it. The people I met there have the same job description as me: we support software development teams in securing the software development lifecycle and we help to deliver secure products for our customers.…


My talk at Ekoparty security conference

I just finished my talk at Ekoparty Security Conference Maintrack. It’s day two of three and the conference is just a blast. It is such a great selection of presentations and I am looking forward to the new connections I’ve made! The talk by @javanrasokat is now available: "A race against time" ▶️ https://t.co/dI6OoMwleO #MainTrackTalk #EKO2022 pic.twitter.com/GjmTqrWda2 — Ekoparty | Hacking…
