We’ve learned a lot during our journey to the Custom Policy Agent. It started as a YAML prompt and a simple question. Now it’s an intelligent, adaptive layer that turns natural language into consisten...

ALT: a man wearing a blue shirt that says barber vac on it

YouTube video by Anshuman Bhartiya

Reflections and predictions on the future of code reviews, taking inspiration from the CodeRabbit success.

About the Guest: Justin Elze is the CTO of TrustedSec, a highly acclaimed cybersecurity company. With over 14 years of industry experience, Justin is an expert in the field of offensive security, especially in the domain of red teaming and penetration testing. His extensive knowledge extends over several facets of cybersecurity, from system engineering to research. At TrustedSec, he also oversees the red team and research team, showcasing a driven career that advanced from hands-on technical roles to strategic leadership. Episode Summary: In this insightful episode of the cybersecurity-focused podcast, we have the pleasure of welcoming Justin Elze, the Chief Technology Officer of TrustedSec. The conversation dives deep into the world of offensive security, balancing technical expertise with leadership, and the evolution of penetration testing and red teaming in the dynamic cybersecurity landscape. The episode kicks off with host Phillip Wylie introducing Justin Elze and acknowledging his substantial experience in cybersecurity and defensive security. As they delve into the discussion, Justin shares his origin story, detailing his journey from IRC beginnings and computer repair to ascending the ranks in the cybersecurity realm. The conversation steers towards various career tips for aspiring cybersecurity professionals, touching upon certifications, the art of interviewing, and the importance of having a diverse skill set. Also discussed are current trends and future directions in offensive security, such as assume breach assessments, red team specialization, and purple team operations. Key Takeaways: Experience in IT prior to entering offensive security is invaluable for understanding business processes and applying cybersecurity measures effectively. For those looking to break into cybersecurity, certifications such as OSCP and specialized courses can offer a significant edge. Purple team operations are pivotal for organizations to develop robust defenses and improve upon the insights gained from offensive security assessments. Cultural shifts, such as the move towards more assume breach assessments, indicate the evolving strategies in red teaming and cybersecurity testing. Although specializations can be advantageous, they should be balanced with broader skills to remain adaptable in the swiftly changing cybersecurity landscape. Notable Quotes: "Once you get to a certain point of doing this, you really just need to focus on, hey, I found a really good class on AWS, found a really good class on enumeration." "You kind of need to look at where you are today, where things you think will be in five years." "The report is really what you're going to digest… Making sure that they [cybersecurity firms] are there to kind of support you after you have the report to digest it at different levels that you need." Resources: https://twitter.com/HackingLZ https://www.linkedin.com/in/justinelze/ TrustedSec website: trustedsec.com

Traditional SAST tools are built to catch Known Knowns—obvious, well-documented vulnerabilities—but they consistently miss the Known Unknowns like logic flaws and broken auth that vary by context and ...

Four Predictions for AppSec in 2025 By Ken Johnson and Seth Law In this joint blog from Seth Law at Redpoint and Ken Johnson at DryRun Security, we highlight how 2025 will be a pivotal year for large ...