Courses

Explore how security can become a powerful innovation driver in fast-paced fintech environments through this conference talk featuring Robinhood Markets' Chief Security Officer and Deputy CISO. Discover their strategic approach to transforming traditional security initiatives into business enablers that actively support rapid organizational growth on AWS infrastructure. Learn practical methodologies for measuring security effectiveness beyond traditional metrics, understand techniques for empowering security teams to think like business partners, and examine frameworks for fostering cross-functional collaboration between security, engineering, and business units. Gain executive-level insights into reframing security conversations from cost centers to value drivers, explore real-world case studies of security innovations that accelerated business objectives, and understand how to build security programs that scale with hypergrowth while maintaining robust protection. Walk away with actionable strategies to transform your organization's security posture from a compliance necessity into a competitive advantage that drives business success and innovation velocity.

Explore a test-driven approach to application security in this 53-minute conference talk from NDC Security 2023. Learn how to write automated tests that prove the effectiveness of your security defenses, addressing vulnerabilities commonly found in OWASP TOP 10 lists. Discover techniques to overcome issues stemming from unclear non-functional requirements and insufficient security-focused testing. Watch practical demonstrations in C# for an API built with ASP.NET Core 6, showcasing how to implement robust security measures through test-driven development. Gain valuable insights from speakers Tobias Ahnoff and Martin Altenstedt on enhancing your application's security posture using automated testing methodologies.

Learn how to secure an organization's network and keep your interconnected systems and data safe.

Discover the profound connection between childhood stressors and adult behaviors in this insightful 13-minute TEDx talk. Explore the concept of "Demons & Drivers" and learn how to harness the power of your past experiences to fuel your life's purpose. Gain valuable insights into transforming personal challenges into catalysts for growth and success. Uncover strategies for identifying and leveraging your defining driver to overcome obstacles and achieve your goals. This thought-provoking presentation offers a unique perspective on personal development and empowerment, encouraging viewers to embrace their inner demons and channel them towards positive change.

Cloud applications are enabling businesses to move faster than ever, and with that comes a growing demand for security solutions that are able to keep up.This course will introduce you to AWS services that are used to monitor and report on application and infrastructure events, detect changes to infrastructure, and send required notifications. Through the learnings from this course, you can finally rest assured that your application is secure in the cloud.In this course you’ll learn to: Understand and use AWS CloudTrail, including how to consolidate all logs in a central account. Gain an understanding of AWS Config and write custom rules using AWS Lambda. Configure CloudWatch to set up notifications on alarms, and secure VPCs with flow logs. Set up AWS WAF to secure your CloudFront and API Gateway distributions. Set up the official CIS Quickstart in your AWS account to ensure you follow best practices.This course is made for developers wanting to understand how to secure their applications and security architects interested in how to remain secure when moving to the cloud. We recommend that you have some basic knowledge of AWS services, including Lambda and VPCs before getting started with this course. Additionally, some JavaScript knowledge will be helpful as we have used JavaScript for a few custom security Lambdas.

Explore a 20-minute conference talk from USENIX Enigma 2017 on implementing Test Driven Security (TDS) in Continuous Integration environments. Learn how Mozilla's CloudSec team redesigned security controls to keep pace with rapid DevOps deployment cycles. Discover the principles of TDS, which prioritizes security tests representing desired behaviors and continuously runs them against code. Gain insights into how this approach accelerates the discovery and mitigation of security issues compared to traditional methods. Examine Mozilla's use of open-source tools to implement TDS, reducing security vulnerabilities and regressions in production environments. Understand the talk's structure, covering topics such as DevOps pipelines, writing and running tests in CI/CD, socializing requirements, and enforcing test passage. Benefit from the expertise of Julien Vehent, Firefox Services Security Lead at Mozilla, as he shares practical strategies for integrating security into fast-paced development cycles.

Updated in May 2025. This course now features Coursera Coach! A smarter way to learn with interactive, real-time conversations that help you test your knowledge, challenge assumptions, and deepen your understanding as you progress through the course. This course dives into the implementation of event-driven architectures in microservices and focuses on secure communication between services. You'll gain practical skills in utilizing RabbitMQ and MassTransit for asynchronous communication, which is essential for developing scalable and reliable systems. Learn how to implement modular monolithic designs and explore the complexities of integrating microservices using event-driven principles. The course begins by introducing asynchronous messaging with RabbitMQ and MassTransit. You will explore modular monolithic architectures and how they handle asynchronous communication between modules for better scalability. You will also examine key messaging patterns like publish/subscribe, ensuring you understand the full process of event-driven systems. Moving forward, you will work on developing integration events, including setting up shared messaging libraries and using MassTransit to handle integration events. The course also includes in-depth testing of integration events and the handling of message flows, ensuring your systems are robust and functional. Targeted at software developers and engineers with a basic understanding of .NET and microservices, this course covers everything from implementing security with Keycloak to containerizing your applications using Docker-Compose. The course provides hands-on experience in building secure, scalable systems in real-world scenarios. Basic knowledge of .NET, microservices, and event-driven architecture concepts.

Explore how cloud technology enhances security in this 51-minute conference talk from Louisville Infosec 2015. Delve into Kevin Peterson's background and security vision, examining data loss prevention, user experience optimization, and the evolving landscape of intellectual property protection. Analyze the KPMG report findings, compare various security solutions, and understand the impact of Internet for Business. Discover Zscaler's approach to scalable security, including their global data center network, SSL encryption techniques, and advanced threat detection methods. Learn about the Platform Strategy, HaloSSL Inspection, and innovative fire protection measures in cloud-based security systems.

Explore a comprehensive approach to data-driven security strategy in this 40-minute conference talk from RSA Conference. Learn how to align security initiatives with organizational vision, define strategy through mission-supporting plans and projects, and implement a practical security strategy. Gain insights from Gabriel Bassett, Senior Information Security Data Scientist at Verizon, on minimizing organizational friction and optimizing resource utilization. Discover various strategy options, including Reactor, Obsidian, Risk, and Compliance approaches, and understand how to apply the NIST Framework. Walk through an end-to-end example demonstrating the process of building and implementing a data-driven security strategy, equipping yourself with the knowledge to enhance your organization's security posture from CISO to engineer level.

Learn about the Driver Risk Scores (DRS) threat detection system in this conference talk from BSidesCharm 2024. Explore how to assess and quantify the security risks posed by device drivers through a comprehensive scoring system based on seven critical characteristics. Discover how this scoring methodology, comparable to CVE scoring, combines security features and real-world data to generate actionable insights for system administrators and security teams. Drawing from research at loldrivers.io, understand the varying levels of driver vulnerabilities and learn to make informed decisions about driver deployment in your environment. Presented by Dana Behling, a cybersecurity researcher at Carbon Black, who brings both technical expertise in digital security and a creative approach influenced by her passion for science fiction and fantasy literature.

Explore developer-driven security strategies for high-growth environments in this insightful conference talk from Global AppSec Dublin. Discover how to implement effective security measures that scale with rapidly expanding organizations, learn best practices for integrating security into the development process, and gain valuable insights on fostering a security-conscious culture among developers. Delve into practical approaches for balancing security requirements with the fast-paced nature of high-growth companies, and understand how to empower developers to take ownership of security throughout the software development lifecycle.

Explore a comprehensive conference talk that demonstrates how to integrate AI-driven security practices directly into Jenkins CI/CD pipelines through Security as Code methodologies. Learn the fundamental importance of embedding security measures early in the development lifecycle and understand the critical challenges organizations face when balancing rapid development speed with robust security requirements. Discover the significant impact and benefits that Security as Code brings to modern software development, including substantial economic advantages of implementing security integration from the earliest stages of development. Master the foundational principles and core concepts that underpin effective Security as Code implementation, with detailed guidance on practical implementation strategies specifically within Jenkins pipeline environments. Examine real-world organizational transformation case studies that showcase successful Security as Code adoption and understand the common challenges teams encounter during implementation phases. Follow a structured adoption journey that outlines the step-by-step process for transitioning to Security as Code practices, while gaining insights into emerging trends and future developments in the Security as Code landscape. Gain practical knowledge for implementing automated security testing, vulnerability scanning, and compliance checking directly within your Jenkins workflows to create more secure and efficient development processes.

Explore a data-driven approach to application security in this 50-minute conference talk by Petter Kvalvaag and Kristian Reed from Equinor. Learn how to tackle the challenge of information overload from multiple security sources, including dependency vulnerabilities, docker image issues, cloud provider recommendations, and source code management alerts. Discover the journey of collecting, aggregating, joining, and analyzing security data to generate actionable insights at both team and company levels. Gain valuable strategies for managing and prioritizing security signals to enhance your organization's overall application security posture.

Explore Test Driven Security in the DevOps pipeline through this 42-minute conference talk from AppSecUSA 2017. Learn how to implement a baseline of security controls and test them continuously within the deployment process. Discover the benefits of writing security tests first, including clarified expectations, specific and testable controls, high reusability, and real-time detection of security regressions. Gain insights into practical examples such as implementing Content Security Policy, CSRF token requirements, and SSH root login restrictions. Understand how this approach, similar to Test Driven Development, can help catch vulnerabilities early and improve overall security posture. Follow along as the speaker, Julien Vehent, Firefox Operations Security Lead at Mozilla, shares his expertise in web application security and services architecture.

Explore the critical landscape of software supply chain security in this 51-minute conference talk from LASCON. Delve into the findings of a comprehensive survey of 300 technology executives, examining both buyer and supplier perspectives on supply chain security concerns. Gain insights into the factors driving increased awareness of these issues, including high-profile incidents like the Solar Winds and CodeCov breaches, as well as vulnerabilities such as Log4Shell and Spring4Shell. Discover which organizational departments are spearheading change, the budgetary implications of addressing these risks, and the planned next steps for mitigating supply chain security threats. Walk away with a deeper understanding of the current state of software supply chain security and actionable strategies to implement in your own organization for programmatic risk management. Presented by Dan Cornell, VP of Product Strategy at Coalfire, this talk offers valuable knowledge for technology professionals seeking to enhance their software supply chain security programs.

Discover a modern approach to security with this 42-minute DevSecCon conference talk on risk-driven security. Learn how to implement risk-first threat modeling, using business risk as the guiding principle to identify and prioritize critical threats. Gain insights into finding risks and vulnerabilities in code and architectures, and develop a clear understanding of your most significant weaknesses. Acquire a flexible and simple method for identifying and reducing security risks that can be easily explained to other teams and stakeholders. Understand how to gain buy-in, funding, and support for risk-reduction efforts by connecting security concerns to business objectives. Explore the benefits of threat modeling, which can be introduced at any point in a system's lifecycle and provides lasting security advantages. By the end of the talk, be equipped with practical knowledge to immediately implement this approach in your team and systems. Join the DevSecCon Discord community for further discussions and resources on security practices.

A 44-minute talk by Wen Wei Ho at the Erwin Schrödinger International Institute for Mathematics and Physics (ESI) explores the concept of geometric quantum drives, with a focus on hyperbolically driven quantum systems. Delivered as part of the Thematic Programme on "Entanglement in Many-body Quantum Matter: Dynamics, Dissipation, Equilibration," this presentation investigates quantum drives beyond the conventional time-periodic (Floquet) and time-quasiperiodic modulations. Discover a theoretical framework where a classical particle moving on a smooth connected manifold steers a quantum Hamiltonian over time, creating diverse time-dependent quantum Hamiltonians whose properties depend on the underlying manifold and trajectory. Learn about "hyperbolically driven quantum systems" applied to compact 2D hyperbolic Riemann surfaces, and understand how they exhibit topologically classified responses in the adiabatic limit that can be measured through simple local observables. Gain insights into this general framework for mapping the landscape of time-dependent quantum systems, investigating their universal phase structures, and potentially enhancing modern quantum simulator capabilities.

Explore a 31-minute conference talk that delves into intent-driven security automation for Telco/5G networks through the lens of the NSF convergence accelerator track. Learn about Nimbus, a Kubernetes operator designed for automated security, and discover how security intents are modeled, use-cases are templatized, and policies are generated in a scalable, Kubernetes-native approach. Understand the implementation of O-RAN Threat Model in identifying security intents and witness a practical demonstration of intent-based security use-cases utilizing Nephio for multi-cluster orchestration.

Learn a five-step disciplined approach to drive enterprise software security in this conference talk from AppSec California 2016. Explore how to characterize the landscape, secure champions, define standards and strategy, execute initiatives, and sustain efforts to improve organizational software security. Discover strategies for overcoming cultural and political challenges that often surpass technical issues when implementing security initiatives. Gain insights on changing the way your organization builds software, ensuring that corporate-wide efforts to secure applications are as productive as possible. The speaker, John Dickson, a Principal at Denim Group and internationally recognized security leader, shares his expertise on launching and expanding critical application security initiatives in Fortune 500 companies and government organizations.

Explore a comprehensive 6-hour golf tutorial focused on mastering the driver. Learn techniques to balance distance and accuracy, increase clubhead speed, and improve overall driving performance. Discover tips for hitting draws and fades, correcting common mistakes, and optimizing your setup. Address specific challenges faced by senior and beginner golfers, including increasing swing speed and distance. Dive into advanced concepts like swing plane, golf lag, and proper release. Gain insights on fixing slices, improving contact, and achieving an effortless swing. Utilize practical drills and exercises to enhance your driving skills and consistently hit longer, more accurate drives.