Darren Meyer 

472 Followers
103 Following
28 Posts

A Gray Jedi Capybara / weirdo geek into socio-technical systems resilience. Part-time #coffee and #Arduino nerd. If you “move fast and break things”, I’m the one who makes you clean up. #devsecops and #securityResearch focused on #appsec and #productSecurity.

Do not bother to follow me if you have anything against LGBTQIA+ folks; I have no patience left.

- Security Research Advocate for Checkmarx;
- Managing Principal Consultant for Substance 36 LLC;

Opinions here are mine alone, not necessarily shared by organizations I work with or for

#embedded #espresso #biking #electronics

blog: https://darrenpmeyer.com/
photos: https://pxlmo.com/darrenpmeyer

I can barely go on vacation for a week without some of the buttons in my work tools moving around. Every month, there’s a hot new concept that I must absolutely learn about, even though it has no apparent benefit.

Now LLMs have brought UI development into its FrontPage era - a time when everyone can build a thing, but most people really shouldn’t.

Hadn't lost my voice in years, now it's been twice in the past 6 months?!

This getting older thing is bullshit

RE: https://defcon.social/@defcon/116716867864034519

Welp, I’m officially old and out of touch; I recognize three of these …

I’m enjoying being able to teach again (mainly through my work with Katilyst)! But I do still miss longer, more-interactive, in-person instruction.

It’s hard for orgs to make that happen now, I get it. But I still think it can be one of the best ways to teach certain topics. Plus the vibe is better, it’s easier to play, and much easier for the class to focus.

I'm not turning up results searching, so I'm turning to some old fashioned #crowdsourcing / #lazyweb :

Has anyone done a degree of rigorous testing on accuracy of open data sets for malicious open-source packages? Even just a random sample of GHSA or OSV malware flags assessed for accuracy would be helpful.

If it has both precision and recall data, bonus points! But I'll take what I can get.

ZAP now has a dedicated PTK active scan rule, so you can run the PTK rules in the ZAP active scanner.
Check out the dramatic improvement in the scores vs Google Firing Range!
https://www.zaproxy.org/blog/2026-06-05-automating-owasp-ptk-with-zap-phase-2/
#zaproxy #owaspptk #appsec
Linked page (zaproxy.org): Automating OWASP PTK with ZAP (Phase 2)

ZAP now has a dedicated PTK active scan rule, so you can run the PTK rules in the ZAP active scanner. And there are still more changes planned, but the results against Firing Range have been dramatic!

Man that was a much needed break from being on social media constantly. There are definitely things I missed, but there's a lot more I didn't.

I did definitely miss being in the loop on some of the cool projects though!

It’s officially Spring when the #LEGO Bonsai gets switched over to the tiny frog blossoms.

I’m honestly burnt out on Christmas consumerism. Y’all do what makes you happy, but I’ve asked everyone not to buy me anything. If someone really feels motivated to do something for me, donate to Engineers Without Borders, your local high school robotics club, or your favorite under-funded open-source project.

I know I'm increasingly in the minority, but I can't stand learning most things from videos. If you must share information by making a video, please *please* also make it available to read.