How Tide transitioned to developer-first security with Semgrep
Summary
TLDRDeani, a senior product security engineer at Tide, discusses her role in integrating security into the software development lifecycle. She emphasizes the importance of a secure SDLC model, empowering developers to 'shift left' and prioritize security from the design phase. Tide focuses on reducing false positives and enabling custom rule creation, which has led to a 100% fix rate for vulnerabilities. Deani also highlights the success of Tide's Security Champions program, which educates and involves developers in creating and managing security rules, fostering a proactive security culture.
Takeaways
- 😀 Davani is a product security professional with extensive experience in safeguarding web and mobile applications.
- 🏢 Tide is a leading provider of digital business banking services, offering mobile-first solutions for small and medium-sized businesses.
- 🔐 Davani's role at Tide focuses on implementing a secure SDLC model, emphasizing a 'shift left' approach to integrate security early in the development process.
- 🤝 Tide's security team adopts a collaborative approach, aiming to empower developers with security knowledge and tools rather than a punitive model.
- 🛠️ Tide's security strategy includes the use of various security tools and methodologies, with a specialization in OAS (Open Application Security).
- 🔍 Tide's team is particularly interested in reducing false positives in security scanning and empowering developers to own and manage security rules.
- 🛡️ Tide has implemented custom rules with a 100% fix rate, significantly reducing the burden on developers by eliminating false positives.
- 🤖 The introduction of AI capabilities in security tools like Semgrep has been welcomed by Tide's team for its ability to provide real-time, context-specific advice.
- 🔑 Tide is keen on integrating new features such as IDE integrations and secret scanning to further enhance security practices and reduce false positives.
- 🌟 Tide's Security Champions program plays a crucial role in fostering a security-aware culture among developers and promoting the adoption of security best practices.
Q & A
What is Deani's role at Tide?
-Deani is the Senior Product Security Engineer at Tide, focusing on providing a secure Software Development Life Cycle (SDLC) model, empowering developers with security knowledge, and ensuring security is integrated at every step of the development process.
What does Tide provide as a company?
-Tide is a leading provider for digital business banking, offering mobile-first business accounts to small and medium-sized businesses. They provide instant account opening and a range of financial services.
How does Tide align security with its business goals?
-Tide's security team focuses on enabling the 'shift left' principle, integrating security from the design phase through development, and ensuring security is embedded at every step to reduce risks and increase resilience.
Why was reducing false positives a significant concern for Tide?
-Tide aimed to prevent high and critical issues from reaching production. They sought tools that would minimize false positives to avoid blocking developers' work, ensuring a smoother and more efficient development process.
What was the major advantage Tide found with Semgrep's reachability analysis?
-Semgrep's reachability analysis was a major selling point for Tide as it significantly reduced false positives by ensuring that only vulnerabilities in the code that are actually reachable are flagged, thus improving the accuracy of security assessments.
How does Tide involve its engineers in creating custom security rules?
-Tide has a security Champions program where they involve engineers in creating custom rules. They provide education and tools, encouraging developers to take an active role in identifying and addressing security concerns within their code.
What is the significance of Tide's 100% fix rate for custom rules?
-Tide achieved a 100% fix rate for custom rules, indicating that all identified vulnerabilities by these rules were addressed by developers, demonstrating the effectiveness of their security practices and the engagement of their engineering team.
How does Tide plan to scale the creation and management of custom rules?
-Tide plans to scale custom rule creation by continuing to educate and empower their developers through the security Champions program, providing them with the tools and knowledge to manage security rules within their projects.
What are Tide's thoughts on the new AI capabilities in Semgrep?
-Deani expresses enthusiasm for Semgrep's AI capabilities, as it offers real-time assistance and remediation advice, which can help developers understand and resolve security issues more efficiently.
How does Tide view the integration of Semgrep with IDEs?
-Tide sees the integration of Semgrep with IDEs as a valuable 'shift left' approach, allowing developers to address security issues right from the coding phase, which can further streamline the development process.
What is Tide's stance on the recent feature of secret scanning in Semgrep?
-Tide recognizes the importance of secret scanning to prevent the disclosure of sensitive information. They appreciate Semgrep's approach to reducing false positives by focusing on active secrets, which helps developers focus on relevant security issues.
Outlines
👋 Introduction and Welcome
The script begins with a host welcoming the audience and introducing Deani from Tide Financials, a product security professional with extensive experience in safeguarding web and mobile applications. Deani's role involves implementing robust security frameworks and integrating security into the software development life cycle at Tide, a leading fintech company. The host encourages audience interaction through Zoom reactions or Slack and sets the stage for an informative session by asking Deani to explain Tide's services and her role there. Deani outlines Tide's focus on digital business banking for small to medium-sized businesses with a mobile-first approach and her mission to empower developers with security knowledge.
🔒 Shifting Security Left
Deani discusses Tide's security strategy, emphasizing the 'shift left' approach, which aims to integrate security from the design phase through development. She highlights the importance of risk assessments and embedding security tools like SAST and SCA in the build pipelines. The conversation shifts to Tide's experience with SRE, where Deani shares her team's focus on reducing false positives and custom rule capabilities. She explains how Tide's security team aligns with the company's goals by ensuring security is a priority in every phase of the software development process.
🛠️ Custom Rules and Developer Empowerment
Deani delves into Tide's implementation of custom rules, explaining how they've worked with developers to create rules that yield a 100% fix rate, effectively eliminating false positives. She introduces Tide's Security Champions program, which involves developers in the security process, allowing them to understand and create rules that secure their code. The program fosters a collaborative environment where developers are encouraged to take ownership of security measures, leading to more secure software development.
🌟 New Features and Integrations
The discussion turns to new features introduced by SRE, such as AI capabilities and IDE integrations. Deani expresses enthusiasm for AI's potential to provide real-time remediation advice, simplifying the developer's workflow by reducing the need for manual research. She also mentions the interest from Tide's developers in integrating SRE's IDE tools to catch security issues early in the development process. Deani anticipates the benefits of these features in enhancing Tide's security practices and reducing the workload on the security team.
🏆 Closing and Future Integrations
In the final paragraph, the host thanks Deani for her insights and contributions to the session. Deani expresses her eagerness to integrate more of SRE's features at Tide, particularly the AI assistant and secret scanning, which aligns with Tide's goal of minimizing false positives and empowering developers. The host invites any final questions from the audience before concluding the session and Deani prepares to leave for other commitments, having shared valuable knowledge and experiences.
Mindmap
Keywords
💡Product Security
💡Shift Left
💡SDLC (Software Development Life Cycle)
💡Security Champions
💡Custom Rules
💡Reachability Analysis
💡False Positives
💡Threat Modeling
💡IDE Integrations
💡Secret Scanning
Highlights
Deani from Tide Financials emphasizes the importance of integrating security into the software development lifecycle.
Tide is a leading provider of digital business banking, offering mobile-first services to small and medium-sized businesses.
Deani's role involves ensuring a secure SDLC model, empowering developers to adopt security practices early in the development process.
Tide's security team focuses on reducing risks and increasing the resilience of their software through collaboration and education.
Deani discusses the selection criteria for security tools, prioritizing those that are user-friendly and can be easily adopted by engineers.
Tide has successfully reduced false positives by 80% using Semgrep's reachability analysis feature.
Custom rule capabilities in Semgrep allow Tide's engineers to create rules that achieve a 100% fix rate.
The security Champions program at Tide educates and involves engineers in creating and managing security rules.
Deani highlights the importance of threat modeling sessions in fostering a security-aware culture among developers.
Tide's approach to security is collaborative, aiming to provide developers with the tools and knowledge to make secure decisions.
Semgrep's AI capabilities, such as the assistant feature, are seen as a valuable resource for real-time security guidance.
Integration of Semgrep with IDEs like VS Code and JetBrains is a step towards earlier detection of security issues.
Deani expresses interest in exploring Semgrep's secret scanning feature to prevent the disclosure of sensitive information.
Tide's security team is keen on integrating new features that reduce false positives and improve developer efficiency.
Deani shares her personal experience with Semgrep's AI assistant, appreciating its real-time remediation advice.
The transcript concludes with a discussion on the future integration of Semgrep's new features at Tide.
Transcripts
[Music]
good morning good afternoon everybody
thank you for joining us we are very
lucky to have um uh with us davani from
tide so deani is a product security
professional she's been the industry for
many years hands on experience with
safeguarding web and mobile applications
um she studied cyber security as part of
her
education uh specializing in
implementation of robust security
Frameworks and in her current role at
tide tide financials which is one of the
leading uh finex she's been instrumental
in pushing out security uh into their
software development life cycle reducing
the risks um and in general increasing
the overall resilience um and and she's
also proficient with a lot of tools from
a security perspective and methodologies
with a specialization in OAS so please
join me in welcoming her with a big
round of applause you could use the zoom
reactions if you want or you could do it
uh yes as well so thank you for uh that
um uh welcome deani uh thank you for
your time um just a quick note from a
from a housekeeping perspective so I
have a few questions we're going to
start off with but if you guys have any
questions which are top of mine feel
free to put them in the zoom chat feel
free to put them in the in the slack
Channel and I'll make sure we kind of
ask ask those as we go through this
session as well uh but again thank you
deani for joining us this morning um
kind of standard question you know uh
can you tell us the audience a little
bit about what tide does um and and and
your role at tide uh just to get us
started sure so hi everybody my name is
deani uh I am the senior product
security engineer at tide TI is
basically a leading provider for digital
business banking uh we are a mobile
first company where uh we provide
business accounts to small and
mediumsized businesses and uh instantly
like people can open their account and
you know get a lot of financial services
in buildt so we are a global company we
have uh our mark in UK India and we are
rolling out uh slowly in the new markets
as well uh apart from that uh my role at
TI basically whatever is security is my
role at TI uh we majorly focus on
providing like secure sdlc model at tide
making sure that we Empower our
developers to you know uh shift left and
making sure that they understand
security and try to make their decision
you know more and more secure so
basically it's more of engineering
empowerment rather than us you know
enabling it and making sure that our
developers understand security they can
you know constantly reach out to us
regarding anything and take the security
decisions on their
end love that and you know kind of that
just that whole model and mindset of
collaboration as opposed to
confrontation of more carrots and less
sticks love that and what I have seen
working with customers is the more you
take that methodology of collaboration
the more successful it would be and just
kind of at a high level you know um I
always like asking this question we work
with lots of different customers Fortune
500s fex
retail uh from a tide perspective you
know your team from a security side what
is the m h how does your team uh align
or what are the main goals of your team
in making making tide as is a business
successful so our team mostly works on
making things secure basically we want
to enable this particular principle like
shift left from the designing phase to
the development phase to making sure by
the end of it we are secure in each and
every step so as I mentioned regarding
stlc model we will make sure that each
and every step will have a security in
place enabling like having different
sort of risk assessments making sure we
have the tools embedded like Dash sea
Dash tools included in the built
pipelines uh making it aware to our
Engineers so that they can start using
those
tools is teaching them regarding you
know educating them basically regarding
all these tools and making sure that
they understand it they fix the issues
before it land UPS in production so we
are more our major principle is
empowering the engineers with uh
thinking that we want to shift left
brilliant no absolutely it's a great
model of around hey how can we find
things quicker earlier shift left
uh now changing a little bit of gars so
just for context for the audience I
think tide became a sreb customer around
10 months back or so beginning of the
year um I want I would love for you to
kind of
share uh a little bit about you know
when 10 months back when we started
talking you know what kind of products
were you looking for uh what were kind
of some of the key things that you
wanted in that uh in those products what
were kind of some of the and we we'll
unpack that's a loaded question so let's
get started with you know where you were
you know what kind of products were you
looking at
Etc so as at the back of our mind we'll
always have this shift lift approach we
will make sure that each and every
particular you know process will have a
security tool embedded and the major
part when it comes to development of you
know any of the projects uh we will
always look into SCA SAS tools now uh
being like a security driven company as
well we always make sure that our
pipelines and you know our whole
infrastructure is secure uh with the
code base being like the major uh place
where it we want to make it more and
more secure every day so then we looked
into srep we were also like looking into
different kind of tools and making sure
that there are a lot of like uh
competition regarding SC and SAS tools
so what we were thinking of like when we
ever choose a tool we not only choose
like whether it can give you the best
approach or not but we also choose it in
a manner whether our Engineers will be
able to use it whether it will be
interesting and you know it will be more
readable to the engineers whether they
are able to you know grasp it and just
make a quick you know fixes uh in uh
when they are developing the whole thing
so when it came to sreb the major
advantages and I think we will get into
more of it but the major advantages
which we found out was that it is more
easier for our developers to get into
sem grip uh more easier for them to
focus on the major parts which they need
to focus on rather than the ones which
they don't need to focus on and make a
secure
product brilliant now absolutely love
that and I I think it's it's really
interesting the one one thing that I
remember even during our engagement back
then and now
is security teams are or absc teams are
maybe 50% of the consumer at maximum
maybe even lesser so you're actually
making the decision on behalf of your
developers uh and keeping that mindset
and saying hey I'm not just looking for
something which is easy for me but what
would make it easy is brilliant so uh
let's dive deeper into it and I know um
one of the the the areas that you were
really interested in was around reducing
false positives and being able to kind
of own the rules and being that was a
gap that you had with some of the
previous experiences um that tide had
with vendors and do you want to talk a
little bit about you know why was that
an important uh talk a little bit about
our custom rule capabilities and how how
tide is using it so uh I'll break it
down into two different aspects
basically first is the sca part so uh
for us uh the major thing is that we
always want like all the high and
critical issues not to wind up in
production so we will make sure that you
know we are blocking some of the
pipelines at a point where we see any
highend critical issues now when we were
analyzing different tools we were making
sure that you know what sort of tool our
Engineers can use which will not give
them false positive to you know block
their work because if we start to you
know use a tool which can block them in
certain scenarios it becomes very hard
to you know say that Engineers can use
that tool and it's easier them for them
to use it but when we were looking into
Sam grab the I I think in our previous
conversations also the major part which
we wanted was uh making it less and less
false positive so when you guys come up
with the feature of reachability
analysis it was the major selling point
for us because at that point like we
reduced I think 80% of the false
positive capabilities so that was the
major selling point for us just because
now we can you know just go to the
engineer saying that you are not getting
any false positives it's all which is in
the code it's reachable in the code you
only have to deal with the things which
are in your code rather than you know
something which is going to uh some
third party some open source where they
don't have any control over so that was
one of the major things for the sea part
now coming to the SAS part like there
are a lot of SAS Solutions out there it
can can be open source it can be other
things as well but again like we are as
I mentioned we are more driving towards
us easily you know uh getting to know
the tool but it is more for our
Engineers because they are the people
who are more you know into that code we
don't know the code we only know the o o
overall scenario of what is going on
okay this is happening this particular
service is doing this thing but they are
the daily users of those code and when
it comes to custom rules it becomes
easier for us because with the custom
rules I think we created a lot of our
own custom rules with the help of
Engineers with the help of you know them
taking a stand and creating their custom
rules and I think whatever we have
created it has given us a 100% positive
result like making sure that we have
like authentication in places in many of
the services we making sure that you
know there are there is no bypassing of
some of the
levels and everything so those custom
rules came into the picture at that time
when you know we we wanted to make sure
that all our Engineers are understanding
and uh they are actually creating the
rules so always making sure that you
know by the end of this we will not be
the one who will be creating the rules
they are the one and for that we have
like different like we have a security
Champions program where we you know tell
them they get the first sight of
everything basically in our company so
whatever we are doing they are the
people who are the first uh like looker
of whatever the new tool is coming in
whatever the new features are coming in
and we will tell them why it is good and
start to you know explain them and they
making it uh more and more better for us
so it is always like these two things
when it came for Sam grab we were
choosing Sam grab and these two things
came into the picture and that was the
major thing why we choose SRE also
that's an amazing amazing answer the
thing I liked about this deani also for
our audience here is which is very
technical is it's kind of did in that
technical thing but lots to unpack there
so I'm going to maybe start off on the
uh supply chain side so for the people
in the audience who are not familiar
with reachability analysis that's
something we're going to cover in the
work virtual in the Hands-On lab but
essentially what we do there is we will
actually check if that specific third
party um or or third party package that
you're using
is being used as part of your source
code
not and we yeah um so that's on the
reachability analysis side and that's
where I think deani said uh 80%
reduction in false positive that's
that's actually really really amazing um
uh the other side that we talked about
so let's unpack a little bit on the um
on the security Champions and the custom
rule writing site deani so um I think
most of the audience here should be
familiar with uh the fact that with Sam
um our rules are very transparent you
can actually see what's happening but
what was really interesting for me two
things that stood out one was a 100% fix
rate so what that means is if diani or
if samre shows a uh a vulnerability to a
developer for these custom rules 100% of
those get fixed which means
0% false positives and I think that's an
amazing one but you know and and can you
talk a little bit about this security
Champions program how are you guys
getting your teams to write this any
tips and tricks for the teams here cuz I
think um all of us especially are trying
to collaborate with our engineers and
anything that you guys did which really
helped them grasp of course writing
rules is easy for us but anything that
you guys did there that really made that
successful and getting them to write
would be I think really useful for the
team to uh for the audience to listen
sure so uh mostly at tight what we
majorly do as a proect team is we we
will always perform threat modeling
sessions and the threat modeling
sessions will always cover the
developers even the security Champions
we have given a lot of sessions to them
as well and when you provide them with
these insights they will always have
this thing in mind can I automate
something can I automate you know making
sure that these security uh features uh
you know are enabled and don't end up in
a bad state so when we started to do
this and we started to communicate with
each and every one of them uh we like
the whole team actually performed a very
well job in communicating these things
to you know every owner of every product
and uh with that this automation thing
came comes into the picture so uh they
were more interested in knowing that how
can we include it in our pipelines and
how can we you know make our own rules
uh either it is you know in Java either
it is in Python either it is in
terraform or any other language which
they want to use to make sure that you
know these uh don't end up because
sometimes like after the whole process
when the product is buil they will get a
vulnerability for on that their name
saying that oh you have have not done
this thing or with the security
Champions people saying that okay why we
do have this vulnerability can't we you
know just get rid of it so so when these
things comes they started to you know
contact us they started to understand
like how these custom rules can be
created and started to build these
things with us it's not like all the
engineers are doing it on their own but
started to build these rules with us
having a conversation having a
discussion with us and then ending up in
a manner that now we are at a state that
those custom rules which we have created
have a fixed rate of 100% so people
people have started to you know grasp
that knowledge even with the threat
modeling session we will always tell
them that you know if you want to
automate this you can just use Sam GP on
this one we can let you know how the
custom rules are created we can do all
these things so those kind of
conversations when you put it in their
mind that something can be automated
something can be you know made better
they will always choose that over
getting you know a vulnerability issue
on their
name no absolutely I I love that and
it's again a couple of key things here
um I know in the industry there's
there's a lot of talk now about secure
defaults so hey how can we just check
for automate the checks for these secure
defaults and that's what you guys have
actually implemented in practice at
scale across all of Tide so it's it's
really really brilliant um and the
second thing is right if you enable your
developers you know they want to do the
right thing nobody wants to see
vulnerable code and uh that's kind of
the adoption um now I can also hear lots
of uh teams here saying oh you know I'm
one absc guy or we have a ratio one is
to 50 for absc two devs and custom rules
am I just creating lots of workload for
myself have I would I be the one who's
kind of writing these rules how have you
looked at scaling that out and I know
there'll be a little bit more work for
you but have you guys gotten to a point
where you're getting to a self-service
through the security Champions can you
talk a little bit about that just so
that you know the people can see how
it's been scaled um across your
organization um yeah yeah so mostly what
we do on these instances is when it
comes to like creating their custom
rules uh Engineers want to do things
themselves if we try to you know add
some things in their pipelines without
even letting them know it will create a
little bit of discomfort because it's
their repo it's their particular you
know personal project so they love the
code they are writing so what we do is
we we have provided them with the samre
UI we have told them whatever you guys
want to do you can do in that whatever
you are trying to achieve with
automation you can do that with the like
because I think at TI we are like one to
70 Engineers as in one app engineer or
proad engineer for 70 engineers and uh
we have a security Champion program
which is like good established we try to
tell them regarding okay this is good
and with those people we try to cover
more and more and more audience so that
people can understand why it is
important and it will be their job to
you know make this automation make sure
that they are you know uh like tuning it
down tuning the rules tuning it like in
a way that they want to do rather than
us doing it because if we start to do it
we will do it in a manner that it will
start to block stuff but they want to
monitor stuff they want to see like how
it is working out first and then start
to you know block the thing so it
creates like a environment Plus at tide
we always believe in like security
education we will always want them to
educate regarding okay what is s so we
will have a full communication to the
whole business regarding okay this is
the new thing which we are coming up
with if you have any questions just let
us know there will be good pages
regarding you know how this can be done
how you can automate stuff with your own
thing how you can create these rules so
many people reach out to us individually
asking us like what is this what it is
about uh with the new features also if
they see any new features in Sam CP or
any other tool they will always reach
out to us saying that how can I enable
it in our
system that's brilliant that's brilliant
I love that I love the concept of hey
this is not my absc tool you're
democratizing it for your developers
because finally in order for tide to get
benefit from it the developers need to
use it and I love the collaboration the
way you kind of you know disseminating
the knowledge there um talking of new
features there's a couple of new
interesting things that semrep has
launched over the last six months so one
of them was the AI capabilities which we
call samre assistant the other one is
we' introduced lots of different ID
Integrations for vs code um jetbrains
products like intellig py Cham
Etc um where is tied in that Journey are
you guys and you know maybe personally
yourself how you're using it as well as
the adoption with with with some of the
some of the teams as well yeah so uh uh
I feel like that grip is fast growing to
be honest with all these features and uh
specifically with AI we are very keen to
get AI integrated it's just that we need
to you know pass some processes at TI to
get it integrated but personally because
I do have a personal you know my it up
my zreb account as well where I do the
scans and I love the fact that how AI
works because it's just like
communicating getting the answers on the
go rather than you know us
sorry about that worri uh rather than
you know when somebody's raising a PR
they'll just get like a SRE board saying
that oh you have done this mistake or
you have you know got a vulnerable
function here but people don't
understand even though like you guys
give a good description people sometimes
don't understand like why it is
vulnerable what will happen with that so
with the AI enabled assistance you can
actually you know communicates with
somebody rather than Googling it
separately oh how this can work you know
going through a lot of pages you can
just talk to AI saying how it can be
vulnerable uh how can I protect it
what's the remediation about it and
people just get the answer on the go
rather than you know working sitting
back okay I'll you know Google searches
maybe next time just because I am in a
hurry to launch this to production right
now right so those kind of things I
guess and I love the feature because it
gives me good remediation answers on on
the go and I can again change my code at
that point raise another PR and that's
gone so those are major factors which I
like about it the other thing is uh with
the new approaches like ID as I
mentioned our developers are very keen
to know about new things so I think one
of the developers at I like reached out
to me saying that okay srip is an ID how
should I use it how can I use it so now
we are like trying to get it embedded in
the idees asking everybody to how you
can embed it uh because there are a lot
of ID so it will again shift left from
the beginning itself even not in GitHub
or git lab or bit bucket even in the
beginning when they are actually
developing the code they can just get
these things done right so those are
kind of things like where Sam grip is
like winning a lot of Hearts of
everybody okay and plus uh the third
thing which came out very recently
secret scanning and I think uh that is
something which we need to look at in
into the future because uh we have seen
a lot of Secrets being disclosed in
different different even in open source
projects there are a lot of Secrets
which can be disclosed right so uh srep
is like giving out those things uh
specifically uh the way like there also
the major thing is reduction of false
positive because srep came to this
approach by making sure that secrets are
not disclosed in a manner that no they
are deactivated why because this check
whether those are active Secrets or not
so that is the major thing which I think
srep is winning over any other Tool uh
right now because that will give
everyone a time to only work on the
things which they care about if it is
deactivated they might not care about it
they'll just say that it's deactivated
it's like one year ago something came up
and now we have rotated everything why
it is showing us there so it's more and
more of that Progressive approach where
you guys are making sure sure that you
know less false positive less making uh
Engineers Drive crazy regarding oh I
don't need to fix this thing I just want
to make sure that you know I'm fixing
the things which are important to me so
I think those are the kind of things
that srep is winning over and in future
I am very keen to get these
integrated brilliant love that love that
um always very exciting for me to hear
when a developer comes to appsc and says
give me more security ity and that kind
of talks to the the capabilities of the
product around you know reducing those
false positives reducing the friction
enabling those developers and the
approach deani you and your team uh at
tide have taken in in that uh
collaboration um just checking are there
any questions Raj uh on the chat or
anything else we might have time for
maybe one or two questions before we let
deani go I think we're kind of running a
little bit behind but uh uh if not we'll
maybe uh no I don't see any
questions brilliant no thank you so much
deani really appreciate your time uh
please give deani a big round of
applause uh for joining us um today and
uh yeah uh you're happy to stay with us
for the rest of the session if you want
uh but I'm I think you you'd be able to
deliver the session then go through it
so uh but thank you again I really
appreciate it thanks a lot for inviting
but yeah thank you so much I have other
meetings to do so yeah I'll jump off now
but thank you so much for
[Music]
inviting
Weitere ähnliche Videos ansehen
GitLab: DevSecOps: Part 1/12: What is GitLab? The fundamental concepts of a DevSecOps pipeline.
Fuzzing (fuzz testing) 101: Lessons from cyber security expert Dr. David Brumley
How to Build a Product Security Roadmap
Working at Google as a Cloud Software Engineer
Розділ 16: Основи мережної безпеки CCNA-1
What Is Physical Security?
5.0 / 5 (0 votes)