Ken Johnson has been hacking web apps for 10 years. He started in networking, taught himself programming, and eventually built an application security consulting company before finally leaving to work at GitHub. Ken has spoken at RSA, You Sh0t the Sheriff, Insomni’hack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events about AppSec, DevOps security, and AWS security. Ken’s projects include the Absolute AppSec podcast, WeirdAAL, OWASP’s RailsGoat, and the Web Exploitation Framework (wXf).
If there is one myth that you could debunk in cybersecurity, what would it be?
Self-aggrandizing. We sometimes have to accept that we’re actually not that important. I feel that we do a lot to hype our unique/special culture, our silver-bullet products, the latest threats with a sexy logo and name, etc. But in the end, we’re one small aspect of most businesses. Sure, some businesses specifically have to take security up a notch. For most, though, we’re just one component of many in the typical business unit. I say this because, if you’re a newcomer, realize this early in your career, as it pertains to your approach. If you’re ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month, and much more.
