
The Best Brunch: Our AppSec Leaders Share Their Wisdom

Pieter Danhieux
Published Jun 05, 2019
Last updated on Mar 09, 2026

Throughout my career as an AppSec professional, I have been fortunate to meet and network with some of the industry's most incredible talent, each making their mark in helping to secure and strengthen the world's ever-increasing webs of code. At this stage in my journey (with a little more knowledge and a lot less hair!), I am often asked to speak to the future stars of software security, and it's a gig I love. However, I also understand just how important it is to be visible as a leader and mentor to those who are looking to stand tall and grow into their roles.

Recently, I was in London with some of the Secure Code Warrior team, and we hosted a brunch event with the aim of getting a handful of AppSec superstars together for networking, insights and a pastry or two. In front of more than sixty invitees, they imparted their wealth of expertise as part of an expert panel, getting everyone excited about the future of application security.

Addressing hot-button issues like how to make the most of an organization's AppSec budget, as well as several curly questions from the audience, the panel delivered some real morning magic that will undoubtedly help security managers, specialists and their developers build out viable programs within their organizations.

We were privileged to host the following leaders for the panel, Tools Vs. People: Is Your AppSec Budget Adequately Addressing Both?

Each speaker shared their thoughts on the AppSec tools landscape (spoilers: with many organizations generating so much software, it can be a minefield selecting tools that perform every function you require. After all, no singular tool can cover it all).

Reena Shah also made an interesting point. In just a few short years, we have seen a positive shift in the perception of AppSec within large organizations, allowing for a critical element to start taking shape - the investment in people to uphold security best practice and culture:

"I think it is changing. When I started this four years ago, trying to get a budget and team when it comes to security culture and awareness was really difficult. And what I am finding now is that it is not my challenge anymore. It's very easy for me to say, 'this is the budget I need, these are the people I need, to reduce risks.' I'm seeing a massive shift, and I think that's because the board - and the C-Suite - are understanding how important it is to provide funding to assist us in reducing security incidents," she said.

You can watch the full panel right now:

For me, it is incredibly refreshing to see the future of AppSec incorporating an emphasis on the right training and knowledge for the developers on the front lines, allowing them to form a solid defense against age-old vulnerabilities that still rear their ugly heads.

Tools provide one level of support, but really - it's time we faced facts. We simply need to stop repeating the same mistakes.

Closing the AppSec Error Loop

As part of the Leaders in AppSec brunch, I also delivered a presentation on how we can address the costly, ongoing issue of the same security vulnerabilities appearing over and over again. Tools might find them, but they're not doing much to prevent them. Developers need to be given the right training to stop their introduction in the first place.

And, well, us developers are a funny bunch. Some training is much more effective than others when it comes to engagement and retention. You can watch my presentation in full here:

An emphasis on security training, as well as general awareness and a positive culture between developers and AppSec, is like kryptonite to an attacker. Those little back-door openings shut, those easy ways to our data dry up, and security superheroes are working together to make security synonymous with software quality.

Slowly, but surely, we're getting there.

Author
Pieter Danhieux

Chief Executive Officer, Chairman, and Co-Founder

Pieter Danhieux is a globally recognized security expert, with over 12 years experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organizations, systems and individuals for security weaknesses. In 2016, he was recognized as one of the Coolest Tech people in Australia (Business Insider), awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association) and holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, GCIA certifications.
