mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
29187773a5
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
    - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.
    - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
ExpedITioners Podcast
Niels Hofmans: Threat modeling, open-source collaboration, and bug bounties.
Listen to the episode on Apple, Spotify, or PodBean.
Show notes:
Niels is the Head of Security at Intigriti, Europe's largest bug bounty platform, which connects 90,000+ security researchers to their customers' assets.
He manages cloud security, SOC, threat intelligence, application security, compliance, detection & response, infrastructure, incident response & more.
When not with his head in the trenches, he spends time writing experimental security tooling or executing various projects for customers.
Topics discussed:
- How Niels got his start in cybersecurity.
- Developing proof of concepts for malware and workarounds.
- Making the transition from “amateur hacker” to “professional hacker”.
- What the bug bounty scene is all about.
- Convincing customers and larger names to trust a company like Intigriti with confidential information.
- What a procurement process for a bug bounty company looks like.
- Tips for building out security programs and how to prioritize work.
- Returning to the fundamentals of a security threat model.
- Creating win-win situations between community and customers with open-source collaboration.
- The value of open-source.
- Where the security industry should be looking over the next five years.