Application Security at Scale with Brook Schoenfield

Francesco interviewed Brook Schoenfield, an expert in application security.

In this webinar, we will explore:

  • SLAs – working or not in application security
  • What are wise measurements
  • How to drive application security
  • Challenges in the modern supply chain

Application security programs are challenging by nature, and understanding what to measure, and where, is even more challenging. Brook has been running maturity exercises and maturity models for the largest
5:00 – Application security story vs. network security / the application security architect

10:00 – McAfee Application security programme

17:00 – Measuring application security programs / Don’t count vulnerabilities

  • Measure 1 – Security invited to the meetings
  • Measure 2 – Number of exceptions / scope creep / conflicts and security collaboration
  • Measure 3 – Requirements implemented
  • Measure 4 – Number of easy vs. complex bug bounty tickets

25:00 – SDLC Policy and Procedures

27:00 – Talking with business

30:00 – Story of pentester and red teams

33:00 – Incident response

37:00 – Bug Bounty programs and the value added

40:00 – Fintech security level

45:00 – Language and more security

48:00 – Exploit prioritization

50:00 – Fixing vulnerabilities at scale and the role of appsec engineers

55:00 – Developer relations and building your appsec program

Brook Schoenfield

Brook S.E. Schoenfield wrote Secrets Of A Cyber Security Architect (2019) and Securing Systems: Applied Security Architecture and Threat Models (2015). Building In Security At Agile Speed (with James Ransome, 2021) focuses on software security for iterative development and DevOps. He has led product security architecture at McAfee (Intel) and Cisco Engineering, Autodesk IT security architecture, and Web and App security for Cisco. He is a founding member of IEEE’s Center for Secure Design and is a featured Security Architect at the Bletchley Park Museum of Computing. He contributed to Core Software Security (2014), and co-authored The Threat Modeling Manifesto (2020), Avoiding the Top 10 Security Design Flaws (2014) and Tactical Threat Modeling (2017).

Francesco Cipollone (host)

Francesco is a seasoned entrepreneur, CEO of Phoenix Security (the context-based vulnerability management platform from code to cloud), author of several books, host of the multi-award-winning Cyber Security & Cloud Podcast, speaker, and well known in the cybersecurity industry for his visionary views. He currently serves as Chapter Chair UK&I of the Cloud Security Alliance. Previously, Francesco headed HSBC’s application and cloud security and was a Senior Security Consultant at AWS. Francesco has keynoted at global conferences and has authored and co-authored several books. Outside of work, you can find him running marathons, snowboarding on the Italian slopes, and enjoying single malt whiskeys in one of his favourite London clubs.

Francesco is an internationally renowned public speaker, with multiple interviews in high-profile publications (e.g. Forbes), and an author of numerous books and articles, who uses his platform to evangelise the importance of cloud security and cutting-edge technologies on a global scale.
