Josh Grossman (tghosth 👻)
@joshcgrossman.com
Pinned
For the third year running, I am going to be delivering application security training at both @OWASP #GlobalAppSec EU in Barcelona (26-27 May) and also @BlackHatEvents #BHUSA in Las Vegas (4-5 Aug) and I am super excited!
Want to hear more? Keep reading...
1/5
Want to hear more? Keep reading...
1/5
Starting off the year with the uno reverse card 🤣🤣🤣
January 5, 2026 at 4:24 PM
Starting off the year with the uno reverse card 🤣🤣🤣
LONDON, BABY!
I'm bringing my course "Building a High-Value AppSec Scanning Programme" to London as part of @OWASP's London training days, 23-24 February 2026.
As seen at OWASP Global conferences, @BlackHatEvents and @NDC_Conferences, don't miss your chance to attend!
I'm bringing my course "Building a High-Value AppSec Scanning Programme" to London as part of @OWASP's London training days, 23-24 February 2026.
As seen at OWASP Global conferences, @BlackHatEvents and @NDC_Conferences, don't miss your chance to attend!
December 1, 2025 at 3:23 PM
LONDON, BABY!
I'm bringing my course "Building a High-Value AppSec Scanning Programme" to London as part of @OWASP's London training days, 23-24 February 2026.
As seen at OWASP Global conferences, @BlackHatEvents and @NDC_Conferences, don't miss your chance to attend!
I'm bringing my course "Building a High-Value AppSec Scanning Programme" to London as part of @OWASP's London training days, 23-24 February 2026.
As seen at OWASP Global conferences, @BlackHatEvents and @NDC_Conferences, don't miss your chance to attend!
November 11, 2025 at 9:04 AM
CFTs for both @BlackHatEvents #BHUSA and @OWASP Global AppSec EU (Vienna) are now open and close in early December!
Thinking of submitting? Check out my blog series for @BounceSecurity "So you want to train at Black Hat (or other conferences)?"
Thinking of submitting? Check out my blog series for @BounceSecurity "So you want to train at Black Hat (or other conferences)?"
So, you want to train at Black Hat (or other conferences)? An Introduction | Bounce Security
Efficient, Value-Driven Product Security
www.bouncesecurity.com
November 4, 2025 at 7:06 AM
CFTs for both @BlackHatEvents #BHUSA and @OWASP Global AppSec EU (Vienna) are now open and close in early December!
Thinking of submitting? Check out my blog series for @BounceSecurity "So you want to train at Black Hat (or other conferences)?"
Thinking of submitting? Check out my blog series for @BounceSecurity "So you want to train at Black Hat (or other conferences)?"
If you attended my vibe coding session at the @OWASP Community at @defcon (or you didn't but you are interested) and you want to continue the conversation, Emile Delcourt opened a dedicated channel on the @OWASP slack workspace:
owasp.slack.com/arch...
owasp.slack.com/arch...
September 2, 2025 at 6:20 PM
If you attended my vibe coding session at the @OWASP Community at @defcon (or you didn't but you are interested) and you want to continue the conversation, Emile Delcourt opened a dedicated channel on the @OWASP slack workspace:
owasp.slack.com/arch...
owasp.slack.com/arch...
About to head home after a packed week+ in Vegas for Hacker Summer Camp.
Some highlights for me:
Some highlights for me:
August 11, 2025 at 2:07 AM
About to head home after a packed week+ in Vegas for Hacker Summer Camp.
Some highlights for me:
Some highlights for me:
My searing hot take for today is that everyone hitting out at "security influencer" culture might want to consider that being able to persuade and influence is probably the most important tool in your security skillset.
August 6, 2025 at 3:34 PM
My searing hot take for today is that everyone hitting out at "security influencer" culture might want to consider that being able to persuade and influence is probably the most important tool in your security skillset.
Excited to be back delivering my course again at Black Hat USA!
August 5, 2025 at 12:28 AM
Excited to be back delivering my course again at Black Hat USA!
The final two parts of my blog series about delivering training at conferences have now been released!
You can check them out on the @BounceSecurity website now!
You can check them out on the @BounceSecurity website now!
July 17, 2025 at 11:30 AM
The final two parts of my blog series about delivering training at conferences have now been released!
You can check them out on the @BounceSecurity website now!
You can check them out on the @BounceSecurity website now!
Pulled last year's class workbook out so that I can prepare the updated version for this year.
You still have time to sign up for my updated course at @blackhatofficial.bsky.social #BHUSA, in person in Las Vegas, August 4-5.
You still have time to sign up for my updated course at @blackhatofficial.bsky.social #BHUSA, in person in Las Vegas, August 4-5.
June 24, 2025 at 9:32 AM
Pulled last year's class workbook out so that I can prepare the updated version for this year.
You still have time to sign up for my updated course at @blackhatofficial.bsky.social #BHUSA, in person in Las Vegas, August 4-5.
You still have time to sign up for my updated course at @blackhatofficial.bsky.social #BHUSA, in person in Las Vegas, August 4-5.
So you have a great training course with super-cool interactivity, now you have to get it accepted.
In my next blogpost, I talk about writing a proposal which appeals to both the review board and also your potential attendees.
Check it out here:
www.bouncesecurity.c...
In my next blogpost, I talk about writing a proposal which appeals to both the review board and also your potential attendees.
Check it out here:
www.bouncesecurity.c...
June 12, 2025 at 11:32 AM
So you have a great training course with super-cool interactivity, now you have to get it accepted.
In my next blogpost, I talk about writing a proposal which appeals to both the review board and also your potential attendees.
Check it out here:
www.bouncesecurity.c...
In my next blogpost, I talk about writing a proposal which appeals to both the review board and also your potential attendees.
Check it out here:
www.bouncesecurity.c...
Last week, I was honoured to received a Distinguished Lifetime Member award from OWASP at Global AppSec EU Barcelona 2025.
I wrote more about it here:
www.linkedin.com/pos...
I wrote more about it here:
www.linkedin.com/pos...
June 11, 2025 at 6:24 PM
Last week, I was honoured to received a Distinguished Lifetime Member award from OWASP at Global AppSec EU Barcelona 2025.
I wrote more about it here:
www.linkedin.com/pos...
I wrote more about it here:
www.linkedin.com/pos...
Reposted by Josh Grossman (tghosth 👻)
In October, 2021, we released 4.0.3 of the OWASP ASVS Standard. This release marked the start of the Vanilla Ice (or 5.0 as everyone else called it) release.
A major rethink about how we use the standard and with feedback from the community.
A major rethink about how we use the standard and with feedback from the community.
May 30, 2025 at 9:38 AM
In October, 2021, we released 4.0.3 of the OWASP ASVS Standard. This release marked the start of the Vanilla Ice (or 5.0 as everyone else called it) release.
A major rethink about how we use the standard and with feedback from the community.
A major rethink about how we use the standard and with feedback from the community.
Last week to save before prices go up on 23rd May!
Unless you Accelerate your AppSec Programme, you are going to get left behind..
Join me @blackhatofficial.bsky.social #BHUSA this summer in Las Vegas (4-5 Aug) for a practical guide on how to build bridges with developers and build securely!
Unless you Accelerate your AppSec Programme, you are going to get left behind..
Join me @blackhatofficial.bsky.social #BHUSA this summer in Las Vegas (4-5 Aug) for a practical guide on how to build bridges with developers and build securely!
May 19, 2025 at 12:00 PM
Last week to save before prices go up on 23rd May!
Unless you Accelerate your AppSec Programme, you are going to get left behind..
Join me @blackhatofficial.bsky.social #BHUSA this summer in Las Vegas (4-5 Aug) for a practical guide on how to build bridges with developers and build securely!
Unless you Accelerate your AppSec Programme, you are going to get left behind..
Join me @blackhatofficial.bsky.social #BHUSA this summer in Las Vegas (4-5 Aug) for a practical guide on how to build bridges with developers and build securely!
Welcome @blackhatofficial.bsky.social 🙂
You should probably report this account for impersonation though...
bsky.app/profile/blac...
You should probably report this account for impersonation though...
bsky.app/profile/blac...
bsky.app
May 13, 2025 at 7:13 PM
Welcome @blackhatofficial.bsky.social 🙂
You should probably report this account for impersonation though...
bsky.app/profile/blac...
You should probably report this account for impersonation though...
bsky.app/profile/blac...
Reposted by Josh Grossman (tghosth 👻)
The #BHUSA Early Registration Rate ends May 23rd! Register today to lock-in the lowest rate before it increases. Register here >> bit.ly/4jnXIa5
#BHUSA #Cybersecurity
#BHUSA #Cybersecurity
May 12, 2025 at 6:33 PM
The #BHUSA Early Registration Rate ends May 23rd! Register today to lock-in the lowest rate before it increases. Register here >> bit.ly/4jnXIa5
#BHUSA #Cybersecurity
#BHUSA #Cybersecurity
Reposted by Josh Grossman (tghosth 👻)
The #BHUSA 2025 Early Registration rate ends MAY 23! Secure your spot today at the lowest rates available>> bit.ly/4l9aYRH
May 8, 2025 at 4:08 PM
The #BHUSA 2025 Early Registration rate ends MAY 23! Secure your spot today at the lowest rates available>> bit.ly/4l9aYRH
Want to make your security training course memorable? 🎯
My latest post dives into creative ways to get students' hands dirty, from cloud-hosted labs to simulated stakeholder exercises. Learn how to make practical exercises the highlight of your course, not just an afterthought.
My latest post dives into creative ways to get students' hands dirty, from cloud-hosted labs to simulated stakeholder exercises. Learn how to make practical exercises the highlight of your course, not just an afterthought.
May 13, 2025 at 8:08 AM
Want to make your security training course memorable? 🎯
My latest post dives into creative ways to get students' hands dirty, from cloud-hosted labs to simulated stakeholder exercises. Learn how to make practical exercises the highlight of your course, not just an afterthought.
My latest post dives into creative ways to get students' hands dirty, from cloud-hosted labs to simulated stakeholder exercises. Learn how to make practical exercises the highlight of your course, not just an afterthought.
My blog series on developing training courses continues with a post about how to find the topic you are passionate about and that will also attract attendees:
www.bouncesecurity.c...
www.bouncesecurity.c...
Finding your niche/selling point | Bounce Security
Introduction
www.bouncesecurity.com
April 21, 2025 at 12:30 PM
My blog series on developing training courses continues with a post about how to find the topic you are passionate about and that will also attract attendees:
www.bouncesecurity.c...
www.bouncesecurity.c...
Reposted by Josh Grossman (tghosth 👻)
The bat-shit insane stories coming out of the US government this week is quite something
April 9, 2025 at 11:56 PM
The bat-shit insane stories coming out of the US government this week is quite something
So, you've decided you want to deliver training courses at a conference?
In the next post in my series about my experiences, I want to talk about money. I don't think it should be your main motivation but you probably can't ignore it!
Check it out:
www.bouncesecurity.c...
In the next post in my series about my experiences, I want to talk about money. I don't think it should be your main motivation but you probably can't ignore it!
Check it out:
www.bouncesecurity.c...
April 1, 2025 at 6:00 AM
So, you've decided you want to deliver training courses at a conference?
In the next post in my series about my experiences, I want to talk about money. I don't think it should be your main motivation but you probably can't ignore it!
Check it out:
www.bouncesecurity.c...
In the next post in my series about my experiences, I want to talk about money. I don't think it should be your main motivation but you probably can't ignore it!
Check it out:
www.bouncesecurity.c...
Reposted by Josh Grossman (tghosth 👻)
You can find out details in our contribution guide:
github.com/OWASP/ASV...
Alternatively, get in contact with us via OWASP Slack:
owasp.slack.com/arch...
Have your say now! Submit early to avoid disappointment 😀
2/2
github.com/OWASP/ASV...
Alternatively, get in contact with us via OWASP Slack:
owasp.slack.com/arch...
Have your say now! Submit early to avoid disappointment 😀
2/2
ASVS/CONTRIBUTING.md at master · OWASP/ASVS
Application Security Verification Standard. Contribute to OWASP/ASVS development by creating an account on GitHub.
github.com
March 31, 2025 at 3:40 PM
You can find out details in our contribution guide:
github.com/OWASP/ASV...
Alternatively, get in contact with us via OWASP Slack:
owasp.slack.com/arch...
Have your say now! Submit early to avoid disappointment 😀
2/2
github.com/OWASP/ASV...
Alternatively, get in contact with us via OWASP Slack:
owasp.slack.com/arch...
Have your say now! Submit early to avoid disappointment 😀
2/2
Reposted by Josh Grossman (tghosth 👻)
📯YOUR INPUT IS NEEDED!📯
@OWASP ASVS version 5.0 release candidate is ready for review.
The final version is planned for the end of May. We want your feedback before then!
Can devs understand it? How about testers? Anything missing?
Dive into GitHub and let us know!
1/2
@OWASP ASVS version 5.0 release candidate is ready for review.
The final version is planned for the end of May. We want your feedback before then!
Can devs understand it? How about testers? Anything missing?
Dive into GitHub and let us know!
1/2
March 31, 2025 at 3:40 PM
📯YOUR INPUT IS NEEDED!📯
@OWASP ASVS version 5.0 release candidate is ready for review.
The final version is planned for the end of May. We want your feedback before then!
Can devs understand it? How about testers? Anything missing?
Dive into GitHub and let us know!
1/2
@OWASP ASVS version 5.0 release candidate is ready for review.
The final version is planned for the end of May. We want your feedback before then!
Can devs understand it? How about testers? Anything missing?
Dive into GitHub and let us know!
1/2
I will be publishing the next post in this series tomorrow so look out for it!
This year should hopefully be the 3rd year that I train at @BlackHatEvents #BHUSA and also at @OWASP #AppSecEU?
But how did I get to this stage?
The short answer is a lot of thought and hard work.
And the long answer?
Well I thought I'd write some thoughts down...
🧵 1/x
But how did I get to this stage?
The short answer is a lot of thought and hard work.
And the long answer?
Well I thought I'd write some thoughts down...
🧵 1/x
March 31, 2025 at 12:00 PM
I will be publishing the next post in this series tomorrow so look out for it!