Helping Users with Practical Advice to Protect their Digital Devices – Runa Sandvik – ASW #371
Journalists put a lot of effort into collecting information and protecting their sources, but everyone can benefit from having a digital environment that's more secure and more privacy protecting. Runa Sandvik shares her experience working with journalists and targeted groups to craft plans for how they use their devices and manage their information. And she also makes the point that the burden of security should not be just for users -- platforms and software providers should be evaluating secure defaults and secure designs that improve protections for everyone.
Resources
Runa Sandvik is the founder of Granitt, a consultancy focused on security for journalists and other at-risk people around the world. Her work builds upon experience from her time at The New York Times, Freedom of the Press Foundation, and The Tor Project. Runa is a member of the Aspen Institute’s Global Cybersecurity Group, an advisor to the Signals Network, and a big fan of indoor skydiving. Originally from Oslo, she’s now based in New York.
Security Weekly listeners save $100 on their RSAC 2026 All Access Pass! RSAC 2026 Conference will take place March 23rd to March 26th in San Francisco. To register using our discount code, please visit securityweekly.com/rsac26 and use the code 56U5SECWEEKLY! We hope to see you there!
Most security conferences talk about threats. Zero Trust World lets you attack them. From March 4th to 6th, 2026 in Orlando, Florida, this hands-on cybersecurity event features live hacking labs where you’ll break real environments, think like an adversary, and learn how attacks really work. You’ll also get expert sessions, real-world case studies, CPE credits, and networking with top practitioners. And yes — the Security Weekly team will be there too. Don’t miss it! Register today at securityweekly.com/ZTW.
Mike Shema
- Using go fix to modernize Go code – The Go Programming Language
- Making frontier cybersecurity capabilities available to defenders Anthropic
- Rust at Scale: An Added Layer of Security for WhatsApp – Engineering at Meta
- Carelessness versus craftsmanship in cryptography – The Trail of Bits Blog
- Notes on clarifying man pages
This is one of those articles that doesn't have any direct tie to appsec, but speaks to a topic that I find important in modern appsec -- communication. In this case, very specifically in writing.
When I read about so many recommendations on how to prompt LLMs, write Skills.md files, or otherwise give instructions to LLMs, my mind always goes to how code could be described and documented for humans first.
I feel like having good explanations of tools coupled with clear, useful examples remains a great way to engage users. And it very strongly ties into communication about security, whether it's explaining why certain defaults are secure and the consequences of changing them, or talking through threat models with developers in order to establish a secure design.
- How to Organize Safely in the Age of Surveillance | WIRED
