Pieter Danhieux is the Chief Executive Officer, Chairman, and Co-Founder of Secure Code Warrior.
In 2020, Pieter was recognised as a finalist in the Diversity Champion category for the SC Awards Europe 2020, and was awarded Editor's Choice for Chief Executive Officer of the Year by Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. In 2016, he was No. 80 on the list of Coolest Tech people in Australia (Business Insider), was awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association), and is a member of the Forbes Technology Council.
Pieter is also a Principal instructor for the SANS Institute teaching military, government and private organisations offensive techniques on how to target and assess organisations, systems and individuals for security weaknesses. He also serves as an advisory board member of NVISO, a cyber security consulting company in Europe. Before starting his own company, Pieter worked at Ernst & Young and BAE Systems. He is also one of the Co-Founders of BruCON, one of the most awesome hacking conferences on this planet.
He started his information security career early in life and obtained the Certified Information Systems Security Professional (CISSP) certification as one of the youngest persons ever in Belgium. On his way, he collected a whole range of cyber security certificates (CISA, GCFA, GCIH, GPEN, GWAP) and is currently one of the select few people worldwide to hold the top certification GIAC Security Expert (GSE).
It is clear from the Australian Government's push to get serious about cybersecurity that it has been identified as a key risk area on a national level, but is their strategy reaching far enough?
The latest Executive Order from the US Federal Government touches on many aspects of functional cybersecurity, but for the first time, specifically outlines the impact of developers, and the need for them to have verified security skills and awareness.
I could have started this article with all the facts and figures indicating a thriving, hyper-growth startup; they are undeniably impressive and our ongoing company trajectory is strong. However, for me, these numbers don't reflect what I am most proud of in 2019.
Our birthday milestones are a wonderful reminder to reflect on the fruits of our labor, celebrate the team, and tackle the year ahead with confidence. And now, seven years since inception, I’m left wondering: Have we done it? Is this a real company yet? Of course, we have reached maturity, but I sure hope we never lose the sense of curiosity, passion, and geekiness we’ve had since the beginning.
This week, we officially celebrate eight years of Secure Code Warrior. On the one hand, that’s 350 times the length of the Apollo 11 mission, as well as the equivalent of 45,000 games of football, or playing Super Mario Odyssey 5696 times to the end. On the other, it’s just one-thirtieth the lifespan of a Giant Tortoise (250 years, if you’re wondering). In the world of a high-growth startup, it represents a journey of many twists, turns, lessons, and accomplishments, many of which were unimaginable when we were first inking our business plan.
The idea behind contact tracing apps is sound. This technology, when functioning well, would ensure hotspots are quickly revealed and comprehensive testing can occur - both essential components of fighting the spread of a contagious virus.
How are developers supposed to write secure code if nobody ever teaches them why it's important, the consequences of insecure code, and most importantly, how to avoid writing these vulnerabilities in their respective programming frameworks in the first place?
Teen security researcher, Bill Demirkapi, exposing major vulnerabilities in software used by his school certainly brought back some memories. I remember being the curious kid, lifting the hood on software to take a peek underneath and see how it all worked... and if I could break it.
Empowering developers to write secure code from the start is an opportunity for CISOs to seize some proactive control from the security predicament, and where there is the chance for fast, easy and measurable improvements for both security and development teams.
In cybersecurity, we are often like hunters. Our eyes are firmly glued to the horizon, scanning for the next breakout vulnerability. However, this forward-looking focus can have the surprising effect of dampening our overall security awareness.
Software security is always front-of-mind for me, as is the very real danger posed by our increasingly digital, personal information-sharing lifestyles. After all, we are in a largely unregulated, unsupervised and blissfully ignored territory. We're in the Wild West.
This year, the PCI Security Standards Council released an all-new set of software security guidelines as part of their PCI Software Security Framework. This update aims to bring software security best practice in-line with modern software development.
The advent of the digital darling of the moment - the metaverse - adds a vast new attack surface for both code-level vulnerabilities and social engineering. And we’re simply not prepared for battle on this new playing field that thrives on smoke and mirrors.
While regulatory initiatives will undoubtedly improve and grow over time, if organizations are already hitting the panic button and leaping into training now, they might just find themselves ill-equipped for the future.
With the advent of GDPR, as well as a revised strategy following a multi-stage attack that exposed the sensitive data of many public figures - as well as servers in the German federal government - it is clear that cybersecurity awareness and action are front-of-mind for leaders in the DACH region.
The perception of what constitutes the act of secure coding is up for debate. According to recent research in collaboration with Evans Data, this sentiment was revealed in black and white. The State of Developer-Driven Security 2022 survey delves into the key insights and experiences of 1200 active developers, illuminating their attitudes and challenges in the security realm.
Our VP of Customer Success, Fatemah Beydoun, recently presented her talk, "Mentoring for the future: How we can all do better in fostering female cybersecurity talent" to a very receptive audience. She has been an integral part of driving positive change within the cybersecurity industry.
While secure coding needs to become a mandatory component of software engineering at the tertiary level, some universities are leading the charge in providing top-notch training and prioritizing security as part of the development process from the very beginning.
While VxWorks isn't a household name to the average consumer, this software product benefits many people just like you and me, each and every day. And now, we are faced with the possibility that hundreds of millions of VxWorks-powered devices are now compromised.
We must work to change the conversation, to make security an integral part of every developer's working life. And I think one of the best ways to do this is by empowering and engaging with developers on security through, for example, gamification.
It’s that special time of the year (for us, anyway) where I reflect on our most recent lap around the sun, and what has been done in the previous 365 days to position us for a new year of growth, lessons, and inevitable unpredictability.
Don't you think it's time we gave security a makeover? It's as simple as changing the conversation and making everything a little more positive (not to mention fun!) for both sides, especially the development team.
The software security industry isn't exactly known for its warm and fuzzy feelings, whimsical observations and life commentary, but, perhaps as I get older, I find myself reflecting on the impact we can all have in the world.
With cyberattacks on the rise - affecting every type of organisation in every vertical - the threat of expensive, embarrassing and bottom-line-affecting data breaches is very real. The problem is not getting smaller, it's growing like a tumour.
In our industry, many security experts have started predicting the hot-button issues for the year, but with more than five billion sensitive data records stolen in 2019, we figured it would be more accurate to predict what won't be happening in cybersecurity in the foreseeable future.
By helping define the responsibilities of our apps and software within a tight hierarchy, and enforcing those policies with least privilege, we can make sure that our apps and software also survive and thrive despite the threat landscape arrayed against them.
The Open Source Software Security Mobilization Plan represents a positive step for developer-driven security. However, we must all take stock and honestly assess if we're mature enough in our organization - and if our development teams have the right level of security awareness and skills - to implement the latest and greatest defensive strategies.
Addressing hot-button issues like how to make the most of an organization's AppSec budget, as well as several curly questions from the audience, the Leaders in AppSec panel delivered some real morning magic that will help security specialists build out viable programs within their organizations.
We’re not getting realistic advice, nor the fastest solutions, to combat the non-stop onslaught that is modern cybersecurity. Of course, each breach is different in its own way, and there are numerous attack vectors that can be exploited in vulnerable software. Feasible generic advice will be limited, but the best practice approach is looking more flawed by the hour.
Earlier this year, the PCI Security Standards Council revealed version 4.0 of their Payment Card Industry Data Security Standard (PCI DSS). While organizations won’t need to be fully compliant with 4.0 until March 2025, this update is their most transformative to date, and will require most businesses to assess (and likely upgrade) complex security processes, and elements of their tech stack. This is in addition to implementing role-based security awareness training and regular secure coding education for developers.
While it is looking inevitable that LLM-style AI technology will change the way we approach many aspects of work - not just software development - we must take a step back and consider the risks beyond the headlines. And as a coding companion, its flaws are perhaps its most “human” attribute.
We announced the closing of our Series-C funding round, having raised USD $50 million towards the next phase of our mission: helping more pioneering organizations harness the power of their development cohort in thwarting common vulnerabilities.
Fresh off the back of our Series C funding announcement, I am thrilled to announce another step in our company’s journey. Security industry leader, Synopsys, has welcomed an exciting new addition to its product suite: Synopsys Developer Security Training, powered by Secure Code Warrior.
A critical vulnerability, CVE-2024-3094, was discovered in the XZ Utils data compression library used by major Linux distributions, introduced through a backdoor by a threat actor. This high-severity issue allows for potential remote code execution, posing significant risks to software build processes. The flaw affects early versions (5.6.0 and 5.6.1) of XZ Utils in Fedora Rawhide, with an urgent call for organizations to implement patches. The incident underscores the critical role of community volunteers in maintaining open-source software and highlights the need for enhanced security practices and access control within the software development lifecycle.
Secure-by-Design is the latest initiative on everyone’s lips, and the Australian government, collaborating with CISA at the highest levels of global governance, is guiding a higher standard of software quality and security from vendors.