Blog

Best of the Brunch: Our Leaders in AppSec Share Their Wisdom

Pieter Danhieux
Published Jun 05, 2019

Throughout my career as an AppSec professional, I have been fortunate to meet and network with some of the industry's most incredible talent, each making their mark in helping to secure and strengthen the world's ever-increasing webs of code. At this stage in my journey (with a little more knowledge and a lot less hair!), I am often asked to speak to the future stars of software security, and it's a gig I love. However, I also understand just how important it is to be visible as a leader and mentor to those who are looking to stand tall and grow into their roles.

Recently, I was in London with some of the Secure Code Warrior team, and we hosted a brunch event with the aim of getting a handful of AppSec superstars together for networking, insights and a pastry or two. In front of more than sixty invitees, they imparted their wealth of expertise as part of an expert panel, getting everyone excited about the future of application security.

Addressing hot-button issues like how to make the most of an organization's AppSec budget, as well as several curly questions from the audience, the panel delivered some real morning magic that will undoubtedly help security managers, specialists and their developers build out viable programs within their organizations.

We were privileged to host the following leaders for the panel, Tools Vs. People: Is Your AppSec Budget Adequately Addressing Both?

Each speaker shared their thoughts on the AppSec tools landscape (spoilers: with many organizations generating so much software, it can be a minefield selecting tools that perform every function you require. After all, no singular tool can cover it all).

Reena Shah also made an interesting point. In just a few short years, we have seen a positive shift in the perception of AppSec within large organizations, allowing for a critical element to start taking shape - the investment in people to uphold security best practice and culture:

"I think it is changing. When I started this four years ago, trying to get a budget and team when it comes to security culture and awareness was really difficult. And what I am finding now, is that it is not my challenge anymore. It's very easy for me to say, "this is the budget I need, these are the people I need, to reduce risks. I'm seeing a massive shift, and I think that's because the board - and the C-Suite - are understanding how important it is to provide funding to assist us in reducing security incidents." She said.

You can watch the full panel right now:

For me, it is incredibly refreshing to see the future of AppSec incorporating an emphasis on the right training and knowledge for the developers on the front lines, allowing them to form solid defense against age-old vulnerabilities that still rear their ugly head.

Tools provide one level of support, but really - it's time we faced facts. We simply need to stop repeating the same mistakes.

Closing the AppSec Error Loop

As part of the Leaders in AppSec brunch, I also delivered a presentation on how we can address the costly, ongoing issue of the same security vulnerabilities appearing over and over again. Tools might find them, but they're not doing much to prevent them. Developers need to be given the right training to stop their introduction in the first place.

And, well, us developers are a funny bunch. Some training is much more effective than others when it comes to engagement and retention. You can watch my presentation in full here:

An emphasis on security training, as well as general awareness and a positive culture between developers and AppSec is like kryptonite to an attacker. Those little back-door openings shut, those easy ways to our data dry up, and security superheroes are working together to make security synonymous with software quality.

Slowly, but surely, we're getting there.

View Resource
View Resource

Addressing hot-button issues like how to make the most of an organization's AppSec budget, as well as several curly questions from the audience, the Leaders in AppSec panel delivered some real morning magic that will help security specialists build out viable programs within their organizations.

Interested in more?

Chief Executive Officer, Chairman, and Co-Founder

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

Book a demo
Share on:
Author
Pieter Danhieux
Published Jun 05, 2019

Chief Executive Officer, Chairman, and Co-Founder

Pieter Danhieux is a globally recognized security expert, with over 12 years experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organizations, systems and individuals for security weaknesses. In 2016, he was recognized as one of the Coolest Tech people in Australia (Business Insider), awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association) and holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, GCIA certifications.

Share on:

Throughout my career as an AppSec professional, I have been fortunate to meet and network with some of the industry's most incredible talent, each making their mark in helping to secure and strengthen the world's ever-increasing webs of code. At this stage in my journey (with a little more knowledge and a lot less hair!), I am often asked to speak to the future stars of software security, and it's a gig I love. However, I also understand just how important it is to be visible as a leader and mentor to those who are looking to stand tall and grow into their roles.

Recently, I was in London with some of the Secure Code Warrior team, and we hosted a brunch event with the aim of getting a handful of AppSec superstars together for networking, insights and a pastry or two. In front of more than sixty invitees, they imparted their wealth of expertise as part of an expert panel, getting everyone excited about the future of application security.

Addressing hot-button issues like how to make the most of an organization's AppSec budget, as well as several curly questions from the audience, the panel delivered some real morning magic that will undoubtedly help security managers, specialists and their developers build out viable programs within their organizations.

We were privileged to host the following leaders for the panel, Tools Vs. People: Is Your AppSec Budget Adequately Addressing Both?

Each speaker shared their thoughts on the AppSec tools landscape (spoilers: with many organizations generating so much software, it can be a minefield selecting tools that perform every function you require. After all, no singular tool can cover it all).

Reena Shah also made an interesting point. In just a few short years, we have seen a positive shift in the perception of AppSec within large organizations, allowing for a critical element to start taking shape - the investment in people to uphold security best practice and culture:

"I think it is changing. When I started this four years ago, trying to get a budget and team when it comes to security culture and awareness was really difficult. And what I am finding now, is that it is not my challenge anymore. It's very easy for me to say, "this is the budget I need, these are the people I need, to reduce risks. I'm seeing a massive shift, and I think that's because the board - and the C-Suite - are understanding how important it is to provide funding to assist us in reducing security incidents." She said.

You can watch the full panel right now:

For me, it is incredibly refreshing to see the future of AppSec incorporating an emphasis on the right training and knowledge for the developers on the front lines, allowing them to form solid defense against age-old vulnerabilities that still rear their ugly head.

Tools provide one level of support, but really - it's time we faced facts. We simply need to stop repeating the same mistakes.

Closing the AppSec Error Loop

As part of the Leaders in AppSec brunch, I also delivered a presentation on how we can address the costly, ongoing issue of the same security vulnerabilities appearing over and over again. Tools might find them, but they're not doing much to prevent them. Developers need to be given the right training to stop their introduction in the first place.

And, well, us developers are a funny bunch. Some training is much more effective than others when it comes to engagement and retention. You can watch my presentation in full here:

An emphasis on security training, as well as general awareness and a positive culture between developers and AppSec is like kryptonite to an attacker. Those little back-door openings shut, those easy ways to our data dry up, and security superheroes are working together to make security synonymous with software quality.

Slowly, but surely, we're getting there.

View Resource
View Resource

Fill out the form below to download the report

We would like your permission to send you information on our products and/or related secure coding topics. We’ll always treat your personal details with the utmost care and will never sell them to other companies for marketing purposes.

Submit
To submit the form, please enable 'Analytics' cookies. Feel free to disable them again once you're done.

Throughout my career as an AppSec professional, I have been fortunate to meet and network with some of the industry's most incredible talent, each making their mark in helping to secure and strengthen the world's ever-increasing webs of code. At this stage in my journey (with a little more knowledge and a lot less hair!), I am often asked to speak to the future stars of software security, and it's a gig I love. However, I also understand just how important it is to be visible as a leader and mentor to those who are looking to stand tall and grow into their roles.

Recently, I was in London with some of the Secure Code Warrior team, and we hosted a brunch event with the aim of getting a handful of AppSec superstars together for networking, insights and a pastry or two. In front of more than sixty invitees, they imparted their wealth of expertise as part of an expert panel, getting everyone excited about the future of application security.

Addressing hot-button issues like how to make the most of an organization's AppSec budget, as well as several curly questions from the audience, the panel delivered some real morning magic that will undoubtedly help security managers, specialists and their developers build out viable programs within their organizations.

We were privileged to host the following leaders for the panel, Tools Vs. People: Is Your AppSec Budget Adequately Addressing Both?

Each speaker shared their thoughts on the AppSec tools landscape (spoilers: with many organizations generating so much software, it can be a minefield selecting tools that perform every function you require. After all, no singular tool can cover it all).

Reena Shah also made an interesting point. In just a few short years, we have seen a positive shift in the perception of AppSec within large organizations, allowing for a critical element to start taking shape - the investment in people to uphold security best practice and culture:

"I think it is changing. When I started this four years ago, trying to get a budget and team when it comes to security culture and awareness was really difficult. And what I am finding now, is that it is not my challenge anymore. It's very easy for me to say, "this is the budget I need, these are the people I need, to reduce risks. I'm seeing a massive shift, and I think that's because the board - and the C-Suite - are understanding how important it is to provide funding to assist us in reducing security incidents." She said.

You can watch the full panel right now:

For me, it is incredibly refreshing to see the future of AppSec incorporating an emphasis on the right training and knowledge for the developers on the front lines, allowing them to form solid defense against age-old vulnerabilities that still rear their ugly head.

Tools provide one level of support, but really - it's time we faced facts. We simply need to stop repeating the same mistakes.

Closing the AppSec Error Loop

As part of the Leaders in AppSec brunch, I also delivered a presentation on how we can address the costly, ongoing issue of the same security vulnerabilities appearing over and over again. Tools might find them, but they're not doing much to prevent them. Developers need to be given the right training to stop their introduction in the first place.

And, well, us developers are a funny bunch. Some training is much more effective than others when it comes to engagement and retention. You can watch my presentation in full here:

An emphasis on security training, as well as general awareness and a positive culture between developers and AppSec is like kryptonite to an attacker. Those little back-door openings shut, those easy ways to our data dry up, and security superheroes are working together to make security synonymous with software quality.

Slowly, but surely, we're getting there.

Interested in more?

Chief Executive Officer, Chairman, and Co-Founder

Click on the link below and download the PDF of this one pager.

Download

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

View reportBook a demo
Share on:
Interested in more?

Share on:
Author
Pieter Danhieux
Published Jun 05, 2019

Chief Executive Officer, Chairman, and Co-Founder

Pieter Danhieux is a globally recognized security expert, with over 12 years experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organizations, systems and individuals for security weaknesses. In 2016, he was recognized as one of the Coolest Tech people in Australia (Business Insider), awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association) and holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, GCIA certifications.

Share on:

Throughout my career as an AppSec professional, I have been fortunate to meet and network with some of the industry's most incredible talent, each making their mark in helping to secure and strengthen the world's ever-increasing webs of code. At this stage in my journey (with a little more knowledge and a lot less hair!), I am often asked to speak to the future stars of software security, and it's a gig I love. However, I also understand just how important it is to be visible as a leader and mentor to those who are looking to stand tall and grow into their roles.

Recently, I was in London with some of the Secure Code Warrior team, and we hosted a brunch event with the aim of getting a handful of AppSec superstars together for networking, insights and a pastry or two. In front of more than sixty invitees, they imparted their wealth of expertise as part of an expert panel, getting everyone excited about the future of application security.

Addressing hot-button issues like how to make the most of an organization's AppSec budget, as well as several curly questions from the audience, the panel delivered some real morning magic that will undoubtedly help security managers, specialists and their developers build out viable programs within their organizations.

We were privileged to host the following leaders for the panel, Tools Vs. People: Is Your AppSec Budget Adequately Addressing Both?

Each speaker shared their thoughts on the AppSec tools landscape (spoilers: with many organizations generating so much software, it can be a minefield selecting tools that perform every function you require. After all, no singular tool can cover it all).

Reena Shah also made an interesting point. In just a few short years, we have seen a positive shift in the perception of AppSec within large organizations, allowing for a critical element to start taking shape - the investment in people to uphold security best practice and culture:

"I think it is changing. When I started this four years ago, trying to get a budget and team when it comes to security culture and awareness was really difficult. And what I am finding now, is that it is not my challenge anymore. It's very easy for me to say, "this is the budget I need, these are the people I need, to reduce risks. I'm seeing a massive shift, and I think that's because the board - and the C-Suite - are understanding how important it is to provide funding to assist us in reducing security incidents." She said.

You can watch the full panel right now:

For me, it is incredibly refreshing to see the future of AppSec incorporating an emphasis on the right training and knowledge for the developers on the front lines, allowing them to form solid defense against age-old vulnerabilities that still rear their ugly head.

Tools provide one level of support, but really - it's time we faced facts. We simply need to stop repeating the same mistakes.

Closing the AppSec Error Loop

As part of the Leaders in AppSec brunch, I also delivered a presentation on how we can address the costly, ongoing issue of the same security vulnerabilities appearing over and over again. Tools might find them, but they're not doing much to prevent them. Developers need to be given the right training to stop their introduction in the first place.

And, well, us developers are a funny bunch. Some training is much more effective than others when it comes to engagement and retention. You can watch my presentation in full here:

An emphasis on security training, as well as general awareness and a positive culture between developers and AppSec is like kryptonite to an attacker. Those little back-door openings shut, those easy ways to our data dry up, and security superheroes are working together to make security synonymous with software quality.

Slowly, but surely, we're getting there.

Table of contents

View Resource
Interested in more?

Chief Executive Officer, Chairman, and Co-Founder

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

Book a demoDownload
Share on:
Resource hub

Resources to get you started

More posts
Resource hub

Resources to get you started

More posts