about joe

My name is Joe Basirico. By day I help people build secure software. I lead a team of the most talented security experts in the world at Security Innovation to perform security assessments and help our customers reduce their risk against the ever-present threat of hackers and other ne'er-do-wells.

I started a non-profit, Technically Learning, a few years ago with the help of some friends to help kids, particularly girls and minorities, get excited about the STEM fields. Technically Learning recently merged with code.org, an amazing new non-profit looking to bring Computer Science to all public schools in the US.

On this site you'll find links to all of my projects, programming projects, research, a blog and more.

10/9/2017 - Posted by joe

It's no secret that more and more companies are jumping on the Bug Bounty Program bandwagon, and for good reason: there is a lot of value to be had there. However, rolling out a Bug Bounty Program (BBP) before you have done your own due diligence can often cause more problems than it solves.

Bugcrowd, one of the largest bug bounty program service providers, touts that within the first two weeks a typical company with a new BBP will see 5 critical vulnerabilities, 70 unique vulnerabilities and 200 total vulnerabilities. Those are impressive but potentially overwhelming stat ...

8/1/2017 - Posted by joe

The cloud brings scalability, reliability and security features that allow companies of all sizes to run their online business efficiently. These powerful capabilities often bring a false sense that "security is already done", and organizations are prone to take a more relaxed approach to their security efforts. Additionally, while many of the cloud platform features are "built-in", that doesn't mean they are optimized for your organization out of the box - they must still be analyzed in the context of a larger security strategy and re-evaluated frequently.

The ...

7/11/2017 - Posted by joe

Being a manager is difficult. It's sometimes difficult to know what tasks you should do yourself and what you should give to your team. I've adopted the Delegate then do methodology for myself.

Delegate everything you can to anybody on your team who can accomplish the task. Do this by default. Give your team the benefit of the doubt, and give them difficult tasks that they'll have to rise to the occasion for. Make sure they're supported and set up for success, but don't hold back a task for somebody on your team because you're not sure. You must push to grow.

...
