Ray
raybeorn.bsky.social
Life Coach, Conspiracy Theorist, and Absurdist. I do AppSec in my non-spare time for money. My opinions are now your opinions, but at least you are now right!
Reposted by Ray
I'm celebrating 5 years of Alice and Bob Learn Application Security! If my books or courses helped you get a job, build an #appsec program, or change careers, please comment in the thread. I would absolutely love to hear from you! 🙏

https://twp.ai/9PUdAU
August 18, 2025 at 7:17 PM
All I do is context switch
April 8, 2025 at 5:24 PM
I would really like to have something like Raid Shadow Legends sponsor my next talk, so I can put a 5 min advertisement into my con talk.
March 20, 2025 at 5:16 PM
Got a new book today @shehackspurple.bsky.social
March 6, 2025 at 1:08 AM
Everyone is like RIP TikTok but more like RIP my feed.
January 19, 2025 at 5:51 AM
I am happy that appsec peeps aren’t talking about bug bounty and threat modeling all the time. I wonder what the next big buzzword is gonna be for appsec.
January 15, 2025 at 9:23 PM
Design a system that is PCI/HITRUST/whatever compliant but it is vulnerable af.
January 7, 2025 at 3:14 PM
Was not a fan of compliance but now I am starting to see the merits in some cases.
November 22, 2024 at 6:05 PM
Damn, it’s been a while since I’ve been on here
November 20, 2024 at 6:14 PM
Reposted by Ray
Join @semgrep community for a live panel on "Building a Successful Security Champions Program: What Does it Take?" with AppSec veterans Chris Romeo @edgeroute, Dustin Lehr @DustinLehr1, Devin Rudnicki, and Ray Leblanc @Raybeorn
ow.ly/WngS50QBpRN
#SecurityChampions #AppSec
February 18, 2024 at 2:34 AM
We have done bug bounties, DevSecOps, now threat modeling. Are we secure yet?
November 20, 2024 at 6:14 PM
I used to be a big believer in SCA but now I feel like we should start a crusade against it. Not all of it but most of it.

How many wasted dev hours have gone into fixing pointless shit?
November 20, 2024 at 6:14 PM
When are chain wallets going to be cool again? I just found my old one. I think I'm gonna wear it.
November 20, 2024 at 6:14 PM
App Security architects, what KPIs do you use to show you are doing architectural work?
November 20, 2024 at 6:14 PM
Reposted by Ray
Want to level up your threat modelling skills? Join us for an eye-opening conversation with @Raybeorn and host @shehackspurple, on the We Hack Purple podcast!
WHP: https://wehackpurple.com/podcast/episode-80-with-ray-leblanc/
#YouTube: https://youtu.be/q20AXw6gv0o
Sponsored by #semgrep
July 25, 2023 at 5:24 PM
Reposted by Ray
I'm speaking at #ThreatModCon Oct 29th in Washington, DC, and the CALL FOR PAPERS is open! "Threat Modeling is for Everyone", CFP closes July 15th, get going!

https://www.threatmodelingconnect.com/general-discussion-32/call-for-papers-threat-modeling-conference-2023-238
July 13, 2023 at 12:33 AM
Just checked out the MASVS, I like the new version.
November 20, 2024 at 6:14 PM
So I took the ASVS, got it down to under 50 controls. Decided whether the controls could be tested thru automation or manually. This will be the start of my API security standard.
November 20, 2024 at 6:14 PM
Is the OWASP Top 10 for LLMs really valid if it wasn’t generated by LLMs?
November 20, 2024 at 6:14 PM
I have arrived.
November 20, 2024 at 6:14 PM