I recently decided to take a secure Java coding course from SANS, partially because it’s good to brush up on the latest attacks, countermeasures and practices, but to be honest, mostly to log some CPEs for my CISSP certification. The course is part of the SANS Application Security (AppSec) curriculum. Here’s an overview of the course, and my review of its content.

The course is 4 days, and is taught in three different ways: live, via vLive (virtual classroom) and On Demand. I chose the On Demand option, which included the course books, a VMware image with Linux and the software pre-loaded for the labs, and time-limited access (90 days) to the SANS training portal, where I could view pre-recorded sessions and take the quizzes. I ended up taking the course over the span of about 5 weeks, due to other commitments interrupting my progress.



While lots of sites online describe adding the @Secured annotation to your Spring Security-enabled web app, and some even describe role hierarchies, I was unable to find any that did so with JavaConfig. Most of them wanted to give me XML, which isn’t where I wanted to go today. Here’s what I’ve learned, in the hopes it saves you some time.



A New Direction

September 2, 2015

Hello Internet!

It’s been a while. It seems like once I start working with a client, I tend to stop blogging. This is partly out of respect for a client’s privacy and confidentiality, and partially out of making the most of their billable time. This is of course just another way of saying I’ve been negligent, and have not written a post in quite some time…

In my defense, I spent the better part of the last two years working for a client who, for various reasons I can’t go into, wanted input from me, but was uninterested in acting on the input I provided to them. Needless to say, this was rather frustrating, and left me feeling like if I did write a post, it was likely to be less than charitable. Having finished up with this client at the end of June, I now need to resume blogging.

I’ve decided on a change of direction for Adept Technologies. To date, I’ve focused on development, agile coaching and security, all relatively low-level services. With some good advice from friends and former co-workers, I’ve decided to refocus on a broader suite of CTO-like services, particularly to start-up firms requiring custom software: “hardware-up” type services for customers who need staff to perform many roles in order to be efficient. I’ve been working lately with a Milwaukee start-up named Wellntel in just such a capacity, and it’s worked out well for both them and me.

I’ve been the sole person identifying what it is they want and need, and have done everything from identifying requirements and architecting the solution to setting up servers in the Google Compute Engine, creating the PostgreSQL schema and deploying the database, setting up the application servers, writing and testing the code, and even setting up the CI, build and deployment pipelines. Typically these activities take many specialists, but Wellntel has been able to use my services to do all these things, and more.

Along the way, I’ve been making extensive use of Spring (core, JPA, Security, and MVC), Hibernate, PostgreSQL, and jQuery, all with JavaConfig rather than XML. While there are lots of resources out on the ‘net covering the parts of this architecture, and in using XML to do so, resources that put it all together seem few and far between. I will likely be posting some bits and pieces of what I’ve done in future posts.

For now, I’m looking to add additional clients in need of the same types of services.

