It's been a little over a year since I blogged, but it's for good reason. I've been heads down writing a lot of code and it's been quite the journey from Web Application Starter Pack nine months ago, to Nerine today.
Read full postWithin most areas of application security there is a broad range of threat actors who have the capability to exploit vulnerabilities in an application. With cryptography though, as long as the appropriate algorithms are used for their intended purpose and implemented correctly, the range of threat actors is reduced to only well-resourced attackers (typically nation-states).
Read full postWhen you open a web page each of the ads running on that page has the potential to do something malicious because ads are essentially programs that run in your browser.
Read full postIf I had to secure some new infrastructure paradigm I've never worked with, I would approach it by asking a series of questions based on core security principles and then suggest changes based on the answers.
Read full postKeeping people aligned and working in the same direction is difficult and writing things down helps reduce the difficulty.
Read full postThe hiring strategy I used to build a team from three to nine engineers over the course of three years, while also improving diversity on the team.
Read full post