Laura Bell Main
@ladynerd.bsky.social
CEO at SafeStack | coauthor of Agile Application Security and Security for Everyone | Host of Build Amazing Things (securely) | #appsec nerd | mom
Should security schemes be more prescriptive?
"None of the security certifications or regulations are prescriptive; it is up to your company to define the scope, means, and implementation"
While this sounds great, does it put too much interpretation in the hands of the auditor?
How to Build Secure Software without Sacrificing Productivity
Security can clash with development efficiency. Focusing on minimizing breach impact can be more effective than prevention. Dorota Parad argues for flexibility in compliance and collaborating with security teams to define practical protections. Limiting blast radius and using automation can boost security with minimal productivity loss.
bit.ly
August 22, 2025 at 11:43 PM
Are you measuring subtle frictions?
This quote really made me think "where friction introduced by AI tooling is subtle enough to go unnoticed in the moment but cumulatively slows real-world output"
How many other sorts of subtle friction do we experience?
AI Coding Tools Underperform in Field Study with Experienced Developers
Recent research reveals a surprising 19% increase in task completion time among developers using AI tools like Claude 3.5. Conducted by METR, this study highlights a "perception gap"—while developers felt faster, real-world performance lagged due to frictions with AI integration. These findings stress the need for rigorous evaluation of AI's impact in software development.
bit.ly
August 15, 2025 at 11:43 PM
What are your essentials for setting up security monitoring?
Keeping an eye on the health and effectiveness of our systems is crucial, but security monitoring can make the difference between a small incident and a catastrophic event.
10 Essential Tips for Setting Up Monitoring for Your SaaS
Learn how to set up effective monitoring for your SaaS with these 10 practical tips. From choosing metrics to incident response strategies.
bit.ly
August 8, 2025 at 11:43 PM
Are you ready to rollback?
This is a really pragmatic guide to thinking about rollback as well as rollout when planning your systems. Rollback can be an important part of incident response and we shouldn't underestimate how hard it can be.
Why You Should Design for Feature Rollbacks (Not Just Rollouts)
You’ve just shipped a shiny new feature. Everything seems perfect… until users start flooding your...
bit.ly
August 1, 2025 at 11:43 PM
Would you use an AI bot as your therapist?
While this study identifies some challenges from a safety and risk perspective, I think we are still yet to grapple with the PII and privacy implications of this sort of application.
Do I think everyone should get the help they need and have someone to ta
Stanford Study Finds Big Risks in Relying on AI Therapy Chatbots
AI chatbots may seem helpful for mental health support — but a new Stanford study warns they could be...
bit.ly
July 25, 2025 at 11:43 PM
Every week, someone comes at me with some hustle culture nonsense about how I must work 24/7 and from anywhere..... sure.... obviously.... 😂
July 23, 2025 at 12:49 AM
Four months ago, this was a garden potting shed....
Now it's my dream office and recording studio, and the most peaceful space I've ever worked from.
As a founder, it's crucial that I have space to focus, but as a carer, I can't be far from home. This is the perfect compromise.
July 20, 2025 at 10:36 PM
I’ve joined Sweat with Pride this June to support my rainbow whanau here in nz. 🌈 and on behalf of my very rainbow-t’astique family in the uk 🇬🇧🥰
If you would like to support this great cause you can sponsor me!
www.sweatwithpride.com/fundraisers/...
Laura Bell Main • Sweat with Pride
I’m taking on Sweat with Pride this June to raise money for our Rainbow communities! 💦🌈 Our schools, workplaces, and doctors’ offices are still not safe places for many Rainbow New Zealanders and it’s...
www.sweatwithpride.com
May 18, 2025 at 9:46 AM
🤯 😢 It's 2025, and yet, in the age when AI is making all software and security jobs redundant...
We are still collecting payment information like this???
Much work is needed to secure our software experiences for our organizations and end users.
April 7, 2025 at 8:59 PM
👀 sneak peek at what's coming very soon from @safestack 👀
Any of you want an easy way to build and mature an OWASP SAMM or NIST SSDF application security program?
DM me for early access and special pricing for early adopters.
This is going to be epic 😍
#owasp #appsec #infosec #productlaunch #ss
February 10, 2025 at 10:25 PM
January 8, 2025 at 4:28 AM
For the second time this year, I find myself impacted by health issues on a trip.
This time, COVID knocked me flat in less than 24 hours and has torn this trip asunder.
I am devastated but also grateful to be able to isolate and focus on recovery. I will be returning to NZ as soon as safe to do so
October 21, 2024 at 8:45 PM
For the second time this year, I find myself impacted by health issues on a trip.
This time, COVID knocked me flat in less than 24 hours and has torn this trip asunder.
I am devastated but also grateful to be able to isolate and focus on recovery. I will be returning to NZ as soon as safe to do so
October 21, 2024 at 8:35 PM
The fabulous Denise Jacob’s keynoting NDC Porto
Wise words about how to reflect and adapt to what’s happening in the professional world right now
October 18, 2024 at 8:09 AM
It’s normal for the parents in Bluey to make you feel like a bad parent right?
September 23, 2024 at 4:29 AM
Doing a thought experiment about how little you need to say to teach a CWE to a developer such that they can avoid it 😂💪
Anyone feeling brave?
September 19, 2024 at 2:36 AM
Bluesky now has over 10 million users, and I was #55,038!
Wow I had no idea I was so early.
September 17, 2024 at 9:25 PM
🔎 Looking for a 3-minute distraction to help me and SafeStack be more awesome. 🤩
If you are a developer or appsec person, complete my tiny survey! We are working on some cool stuff, but we really need a bit of data to help us plan.
form.jotform.com/242598632391869
SafeStack Simple AppSec Survey September 2024
Please click the link to complete this form.
form.jotform.com
September 17, 2024 at 2:44 AM
Great talk by James Cooper here @owasp nz.
Coherently and clearly explaining SLSA and how to get started with it in your CI.
September 5, 2024 at 10:17 PM
Getting settled for the opening keynote here @owasp.org New Zealand
Come say hi if you see me around. Look for the D&D converse and come grab some SafeStack stickers
September 4, 2024 at 9:12 PM
Omg I’m in Auckland for OWASP NZ!
The locals seem friendly
September 4, 2024 at 7:11 PM
Finally remembered this account.
What did I miss?
February 22, 2024 at 7:12 AM