CSOs of the Round Table – OKC Style

Yesterday I moderated the Oklahoma City Microsoft CSO Roundtable. Just as we did in San Antonio, we had a great discussion, and I think everyone left with new things to think about. The largest organizations in OKC were represented in sectors like financial services, energy and public utilities. I have uploaded the slide deck here in the Denim Group Knowledge site.

Some interesting points to come out of the discussion:

  • Those responsible for security are concerned because increasingly sensitive assets are being made available via the web. Because most of these security folks do not have a development background, they are forced to work with development groups to help address the risk.
  • Successful organizations have multiple touchpoints during the system development lifecycle where the security group works with the software development group. This allows security concerns to be brought up and addressed early in the process, which saves money and headaches later on and results in more secure systems.
  • Individuals with titles such as Security Architect are leading the charge in many organizations. These are folks in security who look at systems as a whole. Because of their role, they are particularly well-suited to address cross-disciplinary issues like software security.

Many thanks to all of our participants.  I had a great time leading the discussion and learned a lot (as I always do) talking to the folks at large organizations who are responsible for security day-in and day-out.

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry-leading application vulnerability management platform.