Costs of Coding to Compliance

Offered By: OWASP Foundation via YouTube

Course Description

Overview

Explore the challenges of balancing security and compliance in software development through this insightful conference talk from APPSEC Cali 2018. Delve into the pitfalls of coding solely to meet compliance standards like PCI, and discover how this approach can lead to security gaps and increased risk. Learn strategies for addressing these gaps, planning for future risks, and prioritizing security initiatives to better manage application security risks while supporting compliance efforts. Gain valuable insights on implementing a framework that combines secure coding practices with compliance requirements, ultimately hardening applications and improving overall security posture. Understand how a more mature security approach can benefit even robust applications while meeting compliance standards for application security. Presented by Magen Wu, a Senior Consultant at Rapid7 with over 10 years of specialized IT experience, this talk covers topics such as security metrics, security maturity models, PCI compliance, multifactor authentication, security lifecycle development cycles, and the importance of cultural shifts in addressing security challenges.

Syllabus

Intro
Security vs Compliance
Most Significant Driver
Least Resistance
Security Metrics
Security Maturity Model
Customer Story
Building a Gate
PCI Compliance
Multifactor
There's no easy button
Culture shift
People problem
Compliance tree
Red Rover
Security to Compliance
Security Lifecycle Development Cycle
Bring in HR
Next steps
Contact information
Response to developers


Taught by

OWASP Foundation
