What if instead of trying to patch stuff that’s broken we fix it before it gets to the user? What if we got security tools to devs that were easy to use, and that could catch, flag, and fix real vulns before they ship?

That’s what excited me about Semgrep, their clarity of vision to build security tools that devs will actually use, and that security teams can trust.

Excited to share that I’ve joined Semgrep as a Staff Security Advocate!

I will be at RSA and BSidesSF, feel free to say hi!