@cktricky

67 Followers, 23 Following, 16 Posts, Joined 15.11.2024

Latest posts by @cktricky

I posted this last Friday on LinkedIn, do you disagree? Let me hear you if so 😄

04.11.2025 20:22 👍 1 🔁 0 💬 0 📌 0
How We Turned Natural Language Into a Scalable Agentic AppSec Engine We’ve learned a lot during our journey to the Custom Policy Agent. It started as a YAML prompt and a simple question. Now it’s an intelligent, adaptive layer that turns natural language into consisten...

DryRun Security is always transparent about both the good & the bad: www.dryrun.security/blog/how-we-...

23.10.2025 15:19 👍 0 🔁 0 💬 0 📌 0
ALT: a man wearing a blue shirt that says barber vac on it

Nearly spit out my coffee this morning when I read:

"The World’s First Agentic Security Orchestration System" 🤣

22.10.2025 16:02 👍 0 🔁 0 💬 0 📌 0
The Boring AppSec Podcast with Ken Johnson YouTube video by Anshuman Bhartiya

Thanks again to The Boring AppSec podcast for having me on! We got to discuss everything from context engineering to MCP servers and much more:

www.youtube.com/watch?v=sLW1...

16.07.2025 16:06 👍 1 🔁 0 💬 0 📌 0
Absolute AppSec

Less than 1 week out (June 16/17) and @sethlaw.bsky.social and I still have seats left for our remote/virtual (AI Enhanced) Manual Secure Code Review course. Sign up at the @absoluteappsec.bsky.social site:

training.absoluteappsec.com

10.06.2025 12:49 👍 0 🔁 0 💬 0 📌 0
Absolute AppSec

2 weeks left to register for this course! (and we've got some "hush hush" additional content/code for the course 🙂). Register at training.absoluteappsec.com

www.linkedin.com/posts/absolu...

02.06.2025 17:51 👍 0 🔁 0 💬 0 📌 0
How Code Reviews are Changing with AI 🔍 Reflections and predictions on the future of code reviews, taking inspiration from the CodeRabbit success.

Interesting read on adapting developer workflows with (functional) AI Code Reviews:

refactoring.fm/p/ai-code-re...

29.05.2025 13:01 👍 1 🔁 1 💬 0 📌 0
Absolute AppSec

📣📣📣 REMINDER 📣📣📣

The @absoluteappsec practical secure code review course was moved from May to June 16 & 17. We still have seats available!

Register at training.absoluteappsec.com

28.05.2025 19:32 👍 0 🔁 0 💬 0 📌 0
Justin Elze: A CTO's Offensive Security Insights by Phillip Wylie Show

About the Guest: Justin Elze is the CTO of TrustedSec, a highly acclaimed cybersecurity company. With over 14 years of industry experience, Justin is an expert in the field of offensive security, especially in the domain of red teaming and penetration testing. His extensive knowledge extends over several facets of cybersecurity, from system engineering to research. At TrustedSec, he also oversees the red team and research team, showcasing a driven career that advanced from hands-on technical roles to strategic leadership.

Episode Summary: In this insightful episode of the cybersecurity-focused podcast, we have the pleasure of welcoming Justin Elze, the Chief Technology Officer of TrustedSec. The conversation dives deep into the world of offensive security, balancing technical expertise with leadership, and the evolution of penetration testing and red teaming in the dynamic cybersecurity landscape. The episode kicks off with host Phillip Wylie introducing Justin Elze and acknowledging his substantial experience in cybersecurity and defensive security. As they delve into the discussion, Justin shares his origin story, detailing his journey from IRC beginnings and computer repair to ascending the ranks in the cybersecurity realm. The conversation steers towards various career tips for aspiring cybersecurity professionals, touching upon certifications, the art of interviewing, and the importance of having a diverse skill set. Also discussed are current trends and future directions in offensive security, such as assume breach assessments, red team specialization, and purple team operations.

Key Takeaways:
Experience in IT prior to entering offensive security is invaluable for understanding business processes and applying cybersecurity measures effectively.
For those looking to break into cybersecurity, certifications such as OSCP and specialized courses can offer a significant edge.
Purple team operations are pivotal for organizations to develop robust defenses and improve upon the insights gained from offensive security assessments.
Cultural shifts, such as the move towards more assume breach assessments, indicate the evolving strategies in red teaming and cybersecurity testing.
Although specializations can be advantageous, they should be balanced with broader skills to remain adaptable in the swiftly changing cybersecurity landscape.

Notable Quotes:
"Once you get to a certain point of doing this, you really just need to focus on, hey, I found a really good class on AWS, found a really good class on enumeration."
"You kind of need to look at where you are today, where things you think will be in five years."
"The report is really what you're going to digest… Making sure that they [cybersecurity firms] are there to kind of support you after you have the report to digest it at different levels that you need."

Resources:
https://twitter.com/HackingLZ
https://www.linkedin.com/in/justinelze/
TrustedSec website: trustedsec.com

Justin Elze: A CTO's Offensive Security Insights podcasters.spotify.c...

14.05.2025 23:42 👍 3 🔁 1 💬 0 📌 0
Beyond Pattern Matching: Why Context Is the Future of Application Security Traditional SAST tools are built to catch Known Knowns—obvious, well-documented vulnerabilities—but they consistently miss the Known Unknowns like logic flaws and broken auth that vary by context and ...

There is a philosophical difference between augmenting deterministic methods with AI vs starting with probabilistic methods and enriching analysis thru code comprehension.

Put plainly - When you start with patterns, you miss what REALLY matters.

www.dryrun.security/blog/beyond-...

08.05.2025 16:49 👍 0 🔁 0 💬 0 📌 0
Absolute AppSec

🇲🇽Happy Cinco De Mayo! 🇲🇽

And there is even more reason to celebrate because there are still seats left for @sethlaw.bsky.social and I’s @absoluteappsec.bsky.social Secure Code Review course next Monday & Tuesday 😜 (training.absoluteappsec.com)

05.05.2025 18:22 👍 1 🔁 0 💬 0 📌 0
On the last episode of @absoluteappsec.bsky.social - @sethlaw.bsky.social and I demonstrated how to get started with Claude Desktop + Damn Vulnerable MCP Server. Shortened clip:

24.04.2025 19:52 👍 0 🔁 0 💬 0 📌 0

Thanks! I’ve tried BlueSky (obviously) but never Threads. Going to give that a shot.

24.04.2025 19:47 👍 0 🔁 0 💬 1 📌 0

What are the far better platforms? Really asking because I’ve only experienced this platform and Mastodon… not impressed with X or those options either.

23.04.2025 16:14 👍 0 🔁 0 💬 1 📌 0
Absolute AppSec

🚨 On May 12 & 13, @absoluteappsec.bsky.social is running a virtual Secure Code Review course!

✅ Great for devs & security folks
✅ Tech-agnostic, hands-on
✅ Manual review + smart AI assist
✅ Cert on completion

Taught by @sethlaw.bsky.social & I — sign up at: training.absoluteappsec.com

21.04.2025 12:16 👍 0 🔁 0 💬 0 📌 0
Absolute AppSec

We've heard the community and in response @sethlaw.bsky.social and I are finally delivering the @absoluteappsec.bsky.social Secure Code Review course again, **virtually**, at the end of this month (March 27 & 28th).

Register at training.absoluteappsec.com

DM for any questions you might have.

10.03.2025 18:22 👍 2 🔁 1 💬 0 📌 0

You do not want to miss!

18.02.2025 13:47 👍 4 🔁 1 💬 0 📌 0
How AI and LLMs Will Shape AppSec in 2025 - Redpoint Security Four Predictions for AppSec in 2025 By Ken Johnson and Seth Law In this joint blog from Seth Law at Redpoint and Ken Johnson at DryRun Security, we highlight how 2025 will be a pivotal year for large ...

New blog post is up, coordinating with @cktricky.bsky.social (shocking, I know). What are your thoughts on how AI and LLMs will further shape the industry?
redpointsecurity.com/how-ai-and-l...

21.01.2025 16:58 👍 1 🔁 1 💬 0 📌 0