Name: Getting Started with Security Basics on the Way to Finding a Specialization – ASW #339
Uploaded: 2025-07-15T05:00:00-04:00
Description: Getting Started with Security Basics on the Way to Finding a Specialization – ASW #339

<body>What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. 

The better question is, "What do you want to secure?"

We discuss the Cybersecurity Skills Framework put together by the OpenSSF and the Linux Foundation and how you might prepare for one of its job families. The important basics aren't about memorizing lists or technical details, but demonstrating experience in working with technologies, understanding how they can fail, and being able to express concerns, recommendations, and curiosity about their security properties.

Resources:

<ul>
<li><a rel="noreferrer noopener" target="_blank" href="https://cybersecurityframework.io">https://cybersecurityframework.io</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://owasp.org/www-project-cheat-sheets/">https://owasp.org/www-project-cheat-sheets/</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/">https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://aflplus.plus/">https://aflplus.plus/</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/">https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/</a></li>
</ul>

Visit <a rel="noreferrer noopener" target="_blank" href="https://www.securityweekly.com/asw">https://www.securityweekly.com/asw</a> for all the latest episodes!</body>

<body>What are some appsec basics? There’s no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. 
The better question is, “What do you want to secure?”
We discuss the Cybersecurity Skills Framework put together by the OpenSSF and the Linux Foundation and how you might prepare for one of its job families. The important basics aren’t about memorizing lists or technical details, but demonstrating experience in working with technologies, understanding how they can fail, and being able to express concerns, recommendations, and curiosity about their security properties.
Resources:
<ul>
<li><a rel="noreferrer noopener" target="_blank" href="https://cybersecurityframework.io">https://cybersecurityframework.io</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://owasp.org/www-project-cheat-sheets/">https://owasp.org/www-project-cheat-sheets/</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/">https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://aflplus.plus/">https://aflplus.plus/</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/">https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/</a></li>
</ul>
Visit <a rel="noreferrer noopener" target="_blank" href="https://www.securityweekly.com/asw">https://www.securityweekly.com/asw</a> for all the latest episodes!
</body>

Featured image for {“vendor”:”ppworks”,”type”:”segment”,”id”:”14092″} podcast from PPWorks

<body>What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. 

The better question is, "What do you want to secure?"

We discuss the Cybersecurity Skills Framework put together by the OpenSSF and the Linux Foundation and how you might prepare for one of its job families. The important basics aren't about memorizing lists or technical details, but demonstrating experience in working with technologies, understanding how they can fail, and being able to express concerns, recommendations, and curiosity about their security properties.

Resources:

<ul>
<li><a rel="noreferrer noopener" target="_blank" href="https://cybersecurityframework.io">https://cybersecurityframework.io</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://owasp.org/www-project-cheat-sheets/">https://owasp.org/www-project-cheat-sheets/</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/">https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://aflplus.plus/">https://aflplus.plus/</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/">https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/</a></li>
</ul></body>

more views on curl vulnerabilities | daniel.haxx.se

Pre-Auth SQL Injection to RCE – Fortinet FortiWeb Fabric Connector (CVE-2025-25257)

Risky Bulletin: Major EoT/HoT vulnerability can bring trains to sudden stops

Writing a basic Linux device driver when you know nothing about Linux drivers or USB // crescentro.se

[LLM] Measuring the Impact of Early-2025 AI on Experienced Open-Source Developer Productivity – METR

[CTF] The Ultimate Cloud Security Championship

Application Security Weekly

About all things AppSec, DevOps, and DevSecOps focusing on helping its audience find and fix software flaws effectively.

Site logo for Application Security Weekly show.

Host

Security Partner

Headshot for Mike Shema from PPWorks

Mike Shema

Senior Engineering Leader

Co-founder & CTO

Headshot for John Kinsella from PPWorks

John Kinsella

Application security

DevOps

Career Management

Topic

Getting Started with Security Basics on the Way to Finding a Specialization – ASW #339

Getting Started with Security Basics on the Way to Finding a Specialization – ASW #339

Getting Started with Security Basics on the Way to Finding a Specialization – ASW #339

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Related Episodes

Scanner Results Are a Starting Point. Here’s What Comes Next. – Federico Kirschbaum – ASW #386

BadHost, Dead CTFs, Exploding NPMs, and the Verizon DBIR – ASW #385

AppSec Conversations on Agents, LLMs, and OWASP from RSAC – Merritt Maxim, Scott Clinton, Janet Worthington – ASW #384

Related Content

Docker security scanner uses AI to help explain, fix vulnerabilities

Guardrails for agents: How to secure AI at runtime

Free M365 Security Audit