Skip to main content

Chris Kirsch

Chris Kirsch works on the products team at Veracode and has 20 years of experience in security, particularly in the areas of application security testing, security assessments, incident response, and cryptography. Previously, he managed Metasploit and incident response solutions at Rapid7 and held similar positions at Thales e-Security and PGP Corporation. He is the winner of the Social Engineering CTF Black Badge competition at DEF CON 25.

Posts by Chris Kirsch
  • Live from Black Hat: Breaking Brains, Solving Problems with Matt Wixey

    Solving Puzzles has been a very popular pastime for InfoSec professionals for decades. I couldn’t imagine a DefCon without the badge challenge. At Black Hat 2020 Matt Wixey, Research Lead at PwC UK, didn’t disappoint as he presented on parallels between puzzle-solving and addressing InfoSec problems. Puzzle (and problem) solving can be taught Solving a puzzle and a problem is very similar. They… READ MORE

Stay up to date on Application Security

  • Live from Black Hat: Hacking Public Opinion with Renée DiResta 

    Psychological operations, or PsyOps, is a topic I’ve been interested in for a while. It’s a blend of social engineering and marketing, both passions of mine. That's why I found the keynote by Renée DiResta, Research Manager at the Stanford Internet Observatory, particularly interesting.  The Internet Makes Spreading Information Cheap & Easy  Disinformation and propaganda are old phenomena … READ MORE

  • Live from Black Hat: Practical Defenses Against Adversarial Machine Learning with Ariel Herbert-Voss

    Adversarial machine learning (ML) is a hot new topic that I now understand much better thanks to this talk at Black Hat USA 2020. Ariel Herbert-Voss, Senior Research Scientist at OpenAI, walked us through the current attack landscape. Her talk clearly outlined how current attacks work and how you can mitigate against them. She skipped right over some of the more theoretical approaches that don’t… READ MORE

  • Live from Black Hat: Healthscare – An Insider's Biopsy of Healthcare Application Security with Seth Fogie

    Healthcare providers heavily leverage technology. In his talk, Seth Fogie, information security director at Penn Medicine takes apart different vendor systems at the “fictitious” Black Hat Clinic. Fogie gives a lot of examples and drives home the point that you shouldn’t just look at network security … you have to dig deep into the applications to ensure the security of your data. Following the… READ MORE

  • Live From Black Hat: Stress-Testing Democracy - Election Integrity During a Global Pandemic with Matt Blaze

    Technology and elections are heavily interrelated – but it wasn’t always that way. We started to adopt technology once we weren’t able to fit everyone into a town hall. The first piece of technology was simply a piece of paper and a ballot box. We may not think of it as technology, but the ballot box can be tampered with.   That technology gave us ballot secrecy, a trait that a hand-raise in the… READ MORE

  • Evaluating and Selecting AppSec Vendors to Fit Your Business Needs

    Application security (AppSec) has seen quite an uptick over the last 10 years, with no signs of slowing down. When your organization is ready to tackle the challenge of building a strong AppSec program, you may find yourself wondering where to plug in various tools and solutions – and even where to start with comparing AppSec vendors. How can you properly evaluate the marketplace and select the… READ MORE

  • Live from AWS re:Inforce: Learnings from Security Enablement for DevOps at AT&T

    This week, AWS ran its inaugural security conference AWS re:Inforce in Boston. There were several interesting talks at the conference, and I found John Maski’s presentation, “Integrating AppSec in your DevSecOps on AWS,” contained great practical advice. Maski worked for AT&T for 32 years, with his most current role being Director, Production Resiliency & DevSecOps Enablement. He recently… READ MORE

  • Live From Gartner Security & Risk Mgmt Summit: Starting an AppSec Program, Part 2

    This is part two of a two-part blog series on a presentation by Hooper Kincannon, Cyber Security Engineer at Unum Group, on “Secure from the Start: A Case Study on Software Security” at the Gartner Security & Risk Management Summit in National Harbor, MD. In this presentation, Hooper provided a great blueprint for starting a DevSecOps program. In part one, I summarized how Hooper got buy-in… READ MORE

  • Live From Gartner Security & Risk Mgmt Summit: Starting a Web Application Security Program

    Bootstrapping an application security program is hard. Technology is only one part of the equation. You need to inventory your applications, get stakeholders on board, and then execute on the holy trinity of people, process, and technology. That’s why I was excited to see Hooper Kincannon, Cyber Security Engineer at Unum Group, present on “Secure from the Start: A Case Study on Software Security… READ MORE

  • Live From Gartner Security & Risk Mgmt Summit: How to Approach Container Security

    Container security is a topic most security practitioners still find confusing. It’s a new technology that’s spreading fast because of its numbers benefits, and security implications and solutions are evolving just as fast. That’s why I really appreciated Anna Belak’s session “Container Security – From Image Analysis to Network Segmentation” at the Gartner Security & Risk Management Summit in… READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.