Catching up

I’m starting to become that guy that I always laughed at at the office–staying up late working while the wife and family go to sleep around him. It isn’t that funny when it happens to you, though.

We’re in the final run to a big release, coming out in a week, and the days are packed between now and then–getting ready for my webinar tomorrow, two back-to-back big demos next week, lots of work coming on the horizon. I love this feeling when I’m on the cusp of a lot of big things happening, but already I’m looking forward more to beginning the next phase of work than I am to the release. There’s just so much waiting to be built. Maybe that’s why I never took to product marketing. I like building things more than talking about them.

Backstage at the Hatch Shell, July 4, 2010

At rehearsal at the Hatch Shell

This weekend I had one of those eerie experiences where you step into a picture you’ve always watched, but never imagined yourself in.

When I was growing up, the Fourth of July meant band concerts at Fort Monroe–if you’re growing up in Tidewater Virginia, military base concerts are your best bets for live music and fireworks–but it also meant the Boston Pops on TV. I remember vividly watching in the late Fiedler years, then later in the John Williams era. I made a pilgrimage to see the event in person in 2001, at the dawn of this blog. When we lived in Seattle we’d watch the show televised from the Hatch Shell and think about being in Boston. When we moved back to the area, we watched on the big screen at Robbins Farm Park, or else simply flaked out in front of the TV (the best place to watch the Aerosmith spectacle from a few years back).

But I never dreamed I’d be singing on the stage, in front of about 800,000 people. We had a warmup concert on the 3rd with an audience in the tens of thousands, but it was no preparation for the crowds, the heat, and the excitement. The music for a July 4 concert can be expected to be the usual patriotic numbers, and this year did not disappoint, but there were also some truly moving moments, such as the tribute to the Kennedy brothers–which, judging from the feedback on Twitter, was a highlight of the show (at least for some). I hope we get a chance to do the show again soon–maybe with a few more lyrics and less humming.

See also: my photos from the weekend.

Grab bag: Trailblazers and dilemmas

Doing secure development in an Agile world

My software development lead and I are doing a webinar next week on how you do secure development within the Agile software development methodology (press release). To make the discussion more interesting, we aren’t talking in theoretical terms; we’ll be talking about what my company, Veracode, actually does during its secure development lifecycle.

No surprise: there’s a lot more to secure development in any methodology than simply “not writing bad code.” Some of the topics we’ll be including are:

  • Secure architecture — and how to secure your architecture if it isn’t already
  • Writing secure requirements, and security requirements, and how the two are different
  • Threat modeling for fun and profit
  • Verification through QA automation
  • Static binary testing, or how, when, and why Veracode eats its own dogfood
  • Checking up–internal and independent pen testing
  • Education–the role of certification and verification
  • Oops–the threat landscape just changed. Now what?
  • The not-so-agile process of integrating third-party code

It’ll be a brisk but fun stroll through how the world’s first SaaS-based application security firm does business. If you’re a developer or just work with one, it’ll be worth a listen.