“I wonder why clothes don’t fit me”

#WeHackHealth #Workout #Progress #WomenWithMuscles #Infosecsie

Last workout of the year! Did some glutes and hammies followed by the stair stepper!

I dislike most cardio activities. Lol. It’s why I usually play DDR for that.

#WeHackHealth #Infosecsie #Fitness #Workout

It’s just me trying to actually look put together for a change instead of perpetually wearing sweats.
#infosecsie #outfit #ootd #fashion

Love having the leg room mostly to myself.
#WeHackHealth #Infosecsie #Fitness #LegDay

🚨 BREAKING 🚨
Republican introduces a bill that would cover all naked bodies with magic censor bars that only appear when clothing is removed.
“Nudity just shouldn’t exist” the senator was quoted late last week while covering statues at art museums with giant leaves.
#shitposting #news #infosecsie

Both me and one of my dogs got a haircut today! uwu #infosecsie #haircut

Baby got back

#fitness #wehackhealth #womenwholift #infosecsie

I’m writing a blog about DevSecOps and Shift Left concepts. Something I’ve noticed is that in a lot of organizations I’ve talked to, there exist swaths of people who don’t even take application security into consideration as a part of their overall security strategy. (Even post log4j/log4shell.)

There have been times I’ve asked security leaders, “What are you currently doing to secure your SDLC?” and they respond, “Oh, sometimes we pentest the website or do some bug tests on the applications.”

There’s no SCA, no SBOMs, no SAST, no PR scanning, no container scanning, no DAST, no CI/CD gating, you name it.

I often hear, “We’re getting ready to do that” or, my favorite phrase, “We’re in the process of starting.”

This isn’t meant to ridicule anyone. This is more of me thinking to myself, “Wow, more information about this topic is needed.”

There’s a lot of articles, blogs, how to’s, courses, and other avenues that exist to explain these very things, but adding another one into the ether can only help, right?

#infosec #securitystrategy #devsecops #applicationsecurity #blog #infosecsie

Here is an #introduction post of sorts!

Maybe some of you have already been following me. In case you weren’t, don’t know who I am, or want to know more: Fear not!

I’m just a chonky purple raccoon that loves carbs and deadlifts! (My avatar has a name! It’s “Mittens”!)

That’s it! That’s the post. 👋

But, no… For real! My name is Stacy and I’m a Senior Solutions Engineer. I currently work in Cybersecurity Education and Training, but prior to that, I’d worked as an Information Security Analyst for a CISO of a sizable financial organization and was a Security Engineer and Solutions engineer at two other cybersecurity vendors, respectively.

I like to say I “specialize” in Security Strategy, Leadership, Security Awareness, Mitigating Human Risk, as well as high-level Cloud and DevSecOps Security and Compliance.

Aside from all that, I enjoy public speaking, learning new things, solving problems, creating art, making comics, writing blogs and stories, working out, powerlifting (aka picking up heavy things and putting them down again), playing video games, watching animation and anime, cosplaying, hanging out with my partner (who is a pentester), and doing the most good!

Now that you know what gets me that sweet, sweet dopamine, you may also be interested in knowing what I’m passionate about: Diversity, equity, inclusion, mental health, and advocating to minimize harassment, discrimination, bigotry, abuse, domestic violence, and sexual assault.

Anyway! It’s great to see an amazing #infosec #community being built here!

(Note: I don’t *always* post about work or infosec-related stuff, especially when I’m not at work (as to not burn myself out), so expect a slice of life and variety of things from me!)

#infosecexchange #informationsecurity #cybersecurity #artist #writer #powerlifter #engineer #womenwholift #wehackhealth #infosecsie