We need a standard that eventually we won't follow
Tomorrow I’ll deliver a talk @SMAU, an Italian ICT… I don’t know how to describe it… maybe “expo” is a good word. It’s not a technical conference; well, in Italy we don’t have a proper culture of fun and interesting technical conferences. A decade ago it was a broader event open to customers, and the main goal for visitors was to collect gadgets.
Now it’s open to ICT people, with vendors, vaporware salesmen and little technical content.
Mine is not.
Am I going to the dark side of the force?
Tomorrow I’ll deliver my first nontechnical talk. I won’t show Ruby snippets or cross-site scripting examples. Tomorrow I’ll talk about processes and about creating a culture of application security in the enterprise.
But I will deliver the talk using a scorecard. I hope serious businessmen won’t be offended by taking part in a game.
Creating the culture of having fun
Culture is important. It gives you happiness in your workplace, and since you’ll spend (at least) a third of your life working, it’s far better to try to have fun and be engaged in what you do. If your boss thinks otherwise, he has a problem; maybe he has a strong mental schema that being sad means being focused.
Bullshit. Work can eventually be hard, and sometimes you will dream about resting on an exotic island instead of sitting at your command prompt, but your work must amuse you.
That’s the reason why, for the scorecard, I put facts in a game-like fashion instead of using #opensamm, #asvs or other standards. Standards are the way: you must have them on your desk and you have to read them… but you must find an amusing way to use them.
What about you? Are you a serious, dark-looking appsec guy, or do you try to add some spice to your appearance?
Image courtesy of Magalie Chetrit. Enjoy it.