ladynerd, For me, #appsec will always be a human problem in a technology domain. One of the best ways we can connect with this, is to bring behavious into our understanding and threat models.
Checkout the latest SafeStack blog for how to get started with
Behavior-Driven Development (BDD) goes rogue | SafeStack https://safestack.io/blog/behavior-driven-development-goes-rogue/