The InfoSec Chronicles

2021, Aug 14

Hi there, my name is Ori Zuckerman, I'm a Software Engineering Manager based in Tel Aviv.
In the last 15 years I've been running software teams working on various products, mainly for cyber security companies. Throughout my years as a developer and a developers' manager I noticed the lack of security awareness among software developers. I've seen some excellent developers making honest mistakes in their code that could cause their companies colossal damage, if only these mistakes were exploited to exfiltrate data by bad actors. I've seen extremely complicated, well-written code that does great things, but at the same time leaves the door open for SQL Injection or Remote Code Execution (RCE).
All of this is due to the simple fact that software developers don't pay the right attention to application security, be it lack of knowledge, carelessness, or just a lack of focus. One way or another, there are just too many code vulnerabilities left out there unnoticed in software codebases.

The InfoSec Chronicles is my personal project where I will be promoting application security through secure coding, vulnerability scanning, misconfiguration detection and best practices. I will be posting about things like creating a secured software development lifecycle (SDLC) and automating security throughout the CI/CD pipeline, about code scanners, and on practically any other way that can help software developers release more secured applications. I will also be posting about creating a security-aware culture throughout the organization, about things like shared responsibility, security by design and by default, and the DevSecOps approach. I will publish technical guides on code security pitfalls and how to avoid them.

The InfoSec Chronicles is aimed at software developers, DevOps, security engineers and basically any security enthusiasts that want to broaden their knowledge about application security.

I would love to be in touch with you readers. Should you have any question or comment, or just want to say hi, feel free to drop an email or a DM on Twitter or LinkedIn. And if you find the content interesting, make sure to subscribe so you won't miss a thing. And finally, any share to help spread the word will be greatly appreciated.

Thanks for reading thus far, stay tuned for the upcoming content.