Hello my wonderful friends. I cannot tell you how much fun it was to see and meet-for-the-first-time so many of you in Las Vegas last week! THANK YOU for making time for me. Below are many friends I got to see last week, including Jarrod and Chad!

I resigned from Semgrep. 

Yes, you heard that right! After 2 exciting and very fast paced years, I am going back to what I know best: entrepreneurship. I’ve been running my own business since I was old enough to do so, and I know that I am the best boss for me. I have also found it hard to keep up with the requests for training and speaking, while doing a full time job, and with this change I will have lots of time for all my clients, new and old. I am also planning to create a LOT more content moving forward, as well as figure out a new community platform so I can hang out with my people more often (that’s you!). Please stay tuned for exciting new developments!

PS: I’m looking for training & speaking gigs, startup advisory positions, and I’m currently training up so I can be on a public board.

A Petition?

More news: I have created a petition to ask the Canadian Public Service (Canada’s government) to adopt my secure coding policy. If you are a Canadian, please consider signing. If you know you’re MP and think they might be willing to talk to me, please make an intro!

I was asked for some content on threat modelling last month and I actually wrote something! Please check out What is Threat Modeling on my blog.

Orchestrate your most important workflows today with Tines Community Edition

Tines breaks down barriers across systems with fewer duplicate efforts, unnecessary alerts, and information silos.

Build, run, share, and monitor workflows safely and securely within minutes with Tines Community Edition. It's free to use and includes enterprise-grade features like Action templates, reporting, SSO/SAML, and more. Sign up now - no credit cards or sales call required!

New Content!

• Want to learn to write more secure code? Check out my video on 30 Tips for Secure JavaScript with Anti-Syphon! Here’s another video of me doing it for NDC Oslo!

• What is Threat Modeling - an introductory blog

• Is my new petition considered content? You be the judge.

Events!

• Aug 21, 9:00 am PST, Hacker Summer Camp 2025 Debrief with ReversingLabs, free webinar with Paul Roberts, Faisal Farooq and myself, PLUS they are giving free copies of my book if you attend!

• Sept 10 and 11 2025, GoSec in Montreal, Quebec, Canada

• Sept 19th, half day, live, virtual, Anti-Syphon Training Workshop: The OWASP API Security Top Ten 2023 with Tanya Janca, $25-$150 sliding scale

• Sept 30-Oct 2 - SecTor Conference in Toronto, Canada! In person!

• October 9-10, Wild West Hackin’ Fest - Deadwood, virtual talk!

• November 5, 2025 OWASP 2025 Global AppSec USA (Washington, DC), My training is $850, 1-Day Training: API Security: Hands-On Secure API Design & Hardening

• Nov 6-7, 2025 OWASP 2025 Global AppSec USA DC waiting to see if one of my talks are accepted, but either way I will be there as I get a free ticket for being a trainer.

• December 1-2, Training Session at NDC Manchester, AI & Security Secure Coding & API Hardening: Hands-On Secure Design, Development, and Threat Modelling

• December 3-4, NDC Manchester, AI & Security, Manchester, UK, I will be giving TWO talks!

• December 5th - OWASP London (tentative), in person! Free!

• Feb 10-13, 2026 - Wild West Hackin’ Fest - Mile High, I will be giving training and also a talk! In person!

We end with a meme.