I am a manager/consultant in application security (appsec).
I created this site to explore foundational theories, themes and practices in appsec whilst working to support software engineering teams to identify, adopt and mature their practices in software security.
I share what I consider to be field notes, i.e. rough-and-ready thoughts, feelings and learnings from my real-life experiences in appsec. I also share theoretical things from academic learnings and resources which I find useful.