The slides from my talk at Austin ISSA yesterday are online here:
The title of the talk was: Structuring and Scaling an Application Security Program
And the abstract was:
Most organizations understand that the software they develop and deploy exposes them to risk from attackers. However, the scope of the problem can be daunting. This talk looks at the challenges organizations face when trying to structure and scale their application security programs, and at the strategies leading organizations have adopted to make those programs successful. Using OWASP's Open Software Assurance Maturity Model (OpenSAMM), the presentation looks at how development teams can plan to design and build applications securely via secure coding training, security requirements, and threat modeling, and at how security teams can help evaluate the security of what development teams have produced via automated scanning as well as manual testing. In addition, the presentation discusses how both security and development teams can prepare to respond to the issues that will inevitably arise, so that they can diagnose and correct them effectively and in a timely manner.
Thanks to the Austin ISSA folks for having me there to give a talk. I look forward to coming back again soon.