Francesco interviewed Brook Schoenfield, an expert in application security.
In this webinar, we will explore:
- SLAs: working or not in application security
- What the wise measurements are
- How to drive application security
- Challenges in the modern supply chain
Application security programs are challenging by nature, and understanding what to measure, and where, is even more challenging. Brook has been running maturity exercises and maturity models for some of the largest organizations.
Transcript:
5:00 – The application security story vs network security / the application security architect
10:00 – The McAfee application security programme
17:00 – Measuring application security programs / don't count vulnerabilities
- Measure 1 – Security invited to the meetings
- Measure 2 – Number of exceptions / scope creep / conflicts and security collaboration
- Measure 3 – Requirements implemented
- Measure 4 – Number of easy vs complex bug bounty tickets
25:00 – SDLC policy and procedures
27:00 – Talking with the business
30:00 – Stories of pentesters and red teams
33:00 – Incident response
37:00 – Bug bounty programs and the value they add
40:00 – Fintech security level
45:00 – Language and more security
48:00 – Exploit prioritization
50:00 – Fixing vulnerabilities at scale and the role of appsec engineers
55:00 – Developer relations and building your appsec program
Brook Schoenfield
Brook S.E. Schoenfield wrote Secrets Of A Cyber Security Architect (2019) and Securing Systems: Applied Security Architecture and Threat Models (2015). Building In Security At Agile Speed (with James Ransome, 2021) focuses on software security for iterative development and DevOps. He has led product security architecture at McAfee (Intel) and Cisco Engineering, Autodesk IT security architecture, and Web and App security for Cisco. He is a founding member of IEEE’s Center for Secure Design and is a featured Security Architect at the Bletchley Park Museum of Computing. He contributed to Core Software Security (2014), and co-authored The Threat Modeling Manifesto (2020), Avoiding the Top 10 Security Design Flaws (2014) and Tactical Threat Modeling (2017).
Francesco Cipollone (host)
Francesco is a seasoned entrepreneur, CEO of Phoenix Security, a contextual vulnerability management platform spanning code to cloud, author and co-author of several books, host of the multi-award-winning Cyber Security & Cloud Podcast, and a speaker well known in the cybersecurity industry and recognized for his visionary views. He currently serves as Chapter Chair UK&I of the Cloud Security Alliance. Previously, Francesco headed HSBC's application and cloud security and was a Senior Security Consultant at AWS. He has keynoted at global conferences. Outside of work, he can be found running marathons, snowboarding on the Italian slopes, and enjoying single malt whiskies in one of his favourite London clubs.