Darren Meyer 

@darrenpmeyer@infosec.exchange
469 Followers
106 Following
77 Posts

A Gray Jedi Capybara / weirdo geek into socio-technical systems resilience. Part-time #coffee and #Arduino nerd. If you “move fast and break things”, I’m the one who makes you clean up. #devsecops and #securityResearch focused on #appsec and #productSecurity.

Do not bother to follow me if you have anything against LGBTQIA+ folks, I have no patience left

- Security Research Advocate for Checkmarx;
- Managing Principal Consultant for Substance 36 LLC;

Opinions here are mine alone, not necessarily shared by organizations I work with or for

#embedded #espresso #biking #electronics

blog: https://darrenpmeyer.com/
photos: https://pxlmo.com/darrenpmeyer

I love that there are still cons where a talk about repurposing junk into satellite RF observatories is well attended. #SecretCon

Practically speaking, if you want to do business with the US government, you're still going to want to meet those requirements unless you have a fairly narrow scope of business that only includes agencies that won't adopt such requirements. The backing off from standardization across the whole federal space is disappointing from a security and safety standpoint, but isn't really surprising given the administration's priorities and related positions.

I haven't digested the whole new Cybersecurity EO, but I did skim for AppSec-relevant stuff and it seems like it rolls back some of the standardization push.

Orgs no longer need to universally supply #SBOM docs or produce machine-readable #SSDF attestations. BUT, any agency that codified those requirements doesn't have to undo them, and it seems like agencies can still adopt those requirements on their own going forward, too.

I know, I know: "RSS is dying". Well, I still use it, and I bet some of you do too! Which is why I'm happy to announce that the #CheckmarxZero research blog now has an #RSS feed: https://checkmarx.com/feed/?post_type=zero-post

Autodiscovery is coming soon, but you can pop that into your feed reader of choice today!

Ben Rothke speaking at #Secure360 on "Design before implementation"; looking forward to his insights about the importance of methodological thinking in making security technology rollouts successful

‘Anything you share with #ChatGPT or any #AI chatbot should be treated as if you’re posting to public social media’ says Tabac #Secure360

Getting ready for the #Secure360 #Keynote for Day 1: hacking social media live, Rachel Tabac

One of the best talks at #Secure360. Data-driven, clearly explained, actually interactive and open to questions.

Jay Jacobs on “Predicting Vulnerability Exploitation” at #Secure360. Should be good, as he’s done #DBIR and is currently a major #EPSS leader.

A nice intro for those who haven't been tracking this topic: a few good examples of risky behavior recommended by #LLM and a few examples of using an LLM to make attacks easier (despite some degree of guardrail in place by LLM agent providers)