Battle Tested Application Security

Explore effective strategies for building and implementing Application Security programs in this 33-minute conference talk from AppSecUSA 2018. Gain insights into the challenges of establishing AppSec functions in various organizational environments, from startups to large enterprises. Learn how to navigate the complexities of creating a security culture that goes beyond mere compliance. Discover practical approaches to driving defensive capabilities, empowering teams, and adapting to different tech cultures. Topics covered include interview techniques, avoiding unnecessary upsells, metrics, static analysis, Kaizen principles, and asset management. Benefit from the speaker's extensive experience in Financial Technology organizations and learn valuable lessons for developing robust AppSec programs tailored to your specific organizational needs.

Intro
How do you interview
Learn your tech culture
Dont take the upsell
General approach
Customer architecture
Metrics
Static Analysis
Kaizen
Waterfall Agile
Team Composition
Staffing
Funding
Asset Management
Closing