JSJ 418: Security Scary Stories and How to Avoid Them with Kevin A McGrail


January 28th, 2020

1 hr 29 mins 50 secs

Your Hosts
Special Guest

About this Episode

In this episode of JavaScript Jabber the panel interviews security expert, Kevin A. McGrail. He starts by explaining what security frameworks and what they do. The panel wonders how to know if your developers are capable of self-auditing your security or if you need help. Kevin shares recommendations for companies to look at to answer that question. 

Aimee Knight explains the hell she has been in making changes to be compliant with CCPA. The panel considers how policies like this complicate security, are nearly impossible to be compliant with and how they can be weaponized. They discuss the need for technical people to be involved in writing these laws. 

Kevin explains how you can know how secure your systems actually are. He shares the culture of security first he tries to instill in the companies he trains. He also trains them on how to think like a bad guy and explains how this helps developers become security first developers. The panel discusses how scams have evolved and how the same scams are still being run. They consider the importance of automated training and teaching developers to do it right the first time.

Finally, they consider the different ways of authentication, passwords, passphrases, sim card, biometrics. Kevin warns against oversharing or announcing vacations. The panel discusses real-world tactics bad guys use. Kevin explains what he trains people to do and look out for to increase security with both social engineering and technical expertise. 


  • Aimee Knight

  • AJ O’Neal

  • Charles Max Wood

  • Dan Shappir

  • Steve Edwards


  • Kevin A McGrail



"The MaxCoders Guide to Finding Your Dream Developer Job" by Charles Max Wood is now available on Amazon. Get Your Copy Today!



Follow DevChatTV on Facebook and Twitter


Aimee Knight:

AJ O’Neal:

Dan Shappir:

Kevin A McGrail:

Steve Edwards: