RSA 2015: Building an Application Security Program with Sun Tzu, The Dalai Lama and Honey Badger

Slides are online from my talk at RSA this year titled “Building an Application Security Program with Sun Tzu, The Dalai Lama and Honey Badger.” This was based on a joke I made a while back with some folks that security professionals seemed to really enjoy the tough-guy war metaphors of Sun Tzu, but they’d probably make more progress in their organizations if they spent a little more time emulating the Dalai Lama. So I sent in an abstract and the RSA Crowdsourced Talks folks picked it up. I would argue that this applies to all of information security, but especially to folks trying to roll out application security programs because of the need to get development teams on your side. Kind of a flies with honey/flies with vinegar decision. In any case, slides are online here:


Abstract: Security pros love quoting Sun Tzu, but war-based metaphors fail with development teams because, HONEY BADGER. Instead, security teams must understand how development teams work. Accordingly, security managers should immerse themselves in the Dalai Lama’s lessons. Understanding how developers manage themselves, tools they use and their rewards is crucial to building an effective application security program.

Contact us if you’d like some support helping your development teams reach enlightenment.

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry-leading application vulnerability management platform.

Categories: Security Programs
