I am employed as a Principal Security Architect at Adobe at the time I published this article. All opinions are my own. Page content will be added later. For now you can watch the video on YouTube. recording: How to Ace Your Interview - Navigating the Product Security Interview in 20 minutes| Florian Noeding's blog
I am employed as a Principal Security Architect at Adobe at the time I published this article. All opinions are my own. Lessons learned and advice I’m giving to my mentees: how to get into cybersecurity or advance their careers. This talk covers my own journey spanning 15 years of professional experience to eventually achieving the Principal (director-level, just no reports) level at Adobe in 2022. I cover: how to write better resumes: Write resumes specific to the role(s) you are applying ...| Posts on Florian Noeding's blog
I am employed as a Principal Security Architect at Adobe at the time I published this article. All opinions are my own. I’m honored to share that I’ve been invited to be part of the review comittee for BSides San Francisco 2025. I’ve reviewed 100+ proposals (talks, workshops, etc.) for content quality and presentation.| Posts on Florian Noeding's blog
I am employed as a Principal Security Architect at Adobe at the time I published this article. All opinions are my own. During BSides Salt Lake City 2025 I’ve hosted a workshop to practice interviewing skills for application security / product security. Application Security interviews can be challenging, but the right preparation can set you apart. In this hands-on workshop, you’ll tackle real-world AppSec scenarios through interactive mock interviews designed to build your confidence and...| Florian Noeding's blog
I am employed as a Principal Security Architect at Adobe at the time I published this article. All opinions are my own. The world’s economy relies heavily on C/C++ applications, yet a staggering 70% of CVEs affecting these applications are due to memory safety flaws. Rewriting all code in memory-safe languages is infeasible, necessitating smarter approaches. In this talk, you’ll learn about a simplified threat model to guide efforts, how adversaries search for memory safety flaws, and mul...| Posts on Florian Noeding's blog
I am employed as a Principal Security Architect at Adobe at the time I published this article. All opinions are my own. War stories and practical advice from scaling static analysis and software composition analysis across 100s of products and 10k+ developers in a complex enterprise environment. This talk discusses feedback loops, nudging vs enforcement, thoughts on how to fix what truly matters, an adversary model and how to prioritize risks in the context of software composition analysis, s...| florian.noeding.com
Effective communication is hard: adversary journey mapping applied to curl CVE-2023-38545.| florian.noeding.com
SBOMs are awesome and make security work transparent. But if we are not careful, they might be used to enforce compliance instead of fixing what really matters.| florian.noeding.com
I am employed as a Principal Security Architect at Adobe at the time I published this article. All opinions are my own. I’m writing about Project Kodiak, Adobe’s source code analysis platform, over at Adobe’s tech blog: 2023-06-22 Overview of Project Kodiak| florian.noeding.com
Effective communication is hard: sharing intent, pyramid principle and strategies are useful tools that help me in my work as a security leader.| florian.noeding.com
I always wanted to understand how a CPU works, how it transitions from one instruction to the next and makes a computer work. So I thought: let's implement one and run a C program on it.| florian.noeding.com
Introduction into the concepts behind compilers: lexing, parsing and code generation| florian.noeding.com
How to bake German style bread at home| florian.noeding.com
I’ll start with a disclaimer: This is my personal blog, which is entirely independent of my employer. My articles and comments are my own and don’t necessarily represent my employer’s position, strategy or opinions. This is an independent blog originally launched in 2008 and restarted in 2022. Disclosure: I work for Adobe.| florian.noeding.com
Slides for a talk I held at the AWS User Group Hamburg, 2015-07-09| florian.noeding.com
What I read this week on the web| florian.noeding.com
Often one server is not enough to handle the traffic from all your clients. Here I'll describe how to distribute load across several servers.| florian.noeding.com
Thoughts about testing compilers, specifically how behavior driven testing is very useful| florian.noeding.com
Extending the compiler from the last post with more features| florian.noeding.com
Transforming the AST to generate code using the visitor pattern.| florian.noeding.com
Syntactic correctness is not enough, programs have to be semantically correct. Find out how to teach your compiler.| florian.noeding.com
Some syntactical constructs should be represented by the same AST structure. This article explains how| florian.noeding.com
Detailed explanation of the compilation steps to go from source code to abstract syntax tree| florian.noeding.com
Description of the tools used to build my toy programming language Exoself| florian.noeding.com