The Software Triforce, Part 3: Wisdom in Community
In the second post of this series, The Software Triforce Part 2: The Power of Discipline, I covered some of the benefits my team gained by doing our stab...
Filter By
Most Recent
The Software Triforce, Part 2: The Power of Discipline
In the first post of this series, The Software Triforce Part 1: Setting a Courageous Goal, I talked about our decision to set a clear, courageous goal fo...
The Software Triforce, Part 1: Setting a Courageous Goal
In nearly every installation of The Legend of Zelda, there is a resonating theme among the characters: the mystical power of the Triforce. Wisdom, Courag...
5 Red Flags Signaling Your Rebuild Will Fail
There’s always a reason to rebuild. Perhaps you’re a CEO of a startup that’s had some success and your engineers are clamoring to replatform and do a rew...
Preparing our software for a more dangerous Internet
PKC has begun a series of software initiatives with its clients to take on custom software projects in a way that is safe and secure—something which is m...
Software as a Symphony
In my previous post, I pointed out that as software developers writing business-driven software, we build automation, not products—at least not products ...
Software is not a Model-T
According to David Thomas, we went from following principles of an agile manifesto to doing Agile™ (just google image search “agile development cycle”). ...
SANS Top 20 Critical Control #4: Continuous Vulnerability Assessment and Remediation
CISOs have a tough job. They are faced with securing data across thousands of devices. They are often brought in after a bad breach and are asked to make...
Emscripten, Clojurescript, and Cryptography
An old adage in cryptography is that one should never “roll his or her own crypto.” Besides being really hard to get right, it is stress-inducing, time-...
Yet another end-to-end Encrypted App
So far, end-to-end encryption has primarily risen as a response to perverse cloud models where services are incentivized to collect as much data as possib...
Untangling the WebRTC Flow
Think of this as a companion guide to the official w3 spec. With better pictures. In plain English. This is an attempt at a flow-centric, rather than code-c...
SANS Top 20 Critical Control #3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
CISOs have a tough job. They are faced with securing data across thousands of devices. They are often brought in after a bad breach and are asked to make...
SANS Top 20 Critical Control #2: Inventory of Authorized and Unauthorized Software
CISOs have a tough job. They are faced with securing data across thousands of devices. They are often brought in after a bad breach and are asked to make...
SANS Top 20 Critical Control #1: Inventory of Authorized and Unauthorized Devices
CISOs have a tough job. They are faced with securing data across thousands of devices. They are often brought in after a bad breach and are asked to make...
SANS Top 20 Critical Control - Practical Advice for Chief Information Security Officers
CISOs have a tough job. They are faced with securing data across thousands of devices. They are often brought in after a bad breach and are asked to make...