This webinar will be a “state of the union” for software security, the state of the AppSec art: the good, the bad, and the truly ugly. Over the last 15 years, the engineering and craft of software development have changed radically. Open source, Agile, virtualization, cloud, software-defined networking (SDN), microservice architecture, continuous integration and delivery (CI/CD), DevOps, and the like have each matured. Importantly, over the last few years these threads have come together into an expectation that this is simply “how software is developed and operated”. Has software security (AppSec) kept pace? Deeply held and widely employed myths continue to hold security practices back despite readily available evidence to the contrary. At the same time, the pace of new security tooling and automation continues to increase. While not every task can be fully automated (yet!), a great deal can be if it is done correctly and with realistic expectations. We will examine several common misunderstandings and describe the techniques that can meet our real-world challenges. Join Brook S.E. Schoenfield for a survey of typical problems and real-world solutions.
About the speaker:
Brook S.E. Schoenfield is the author of Secrets Of A Cyber Security Architect (Auerbach, 2019) and Securing Systems: Applied Security Architecture and Threat Models (CRC Press, 2015). Building In Security At Agile Speed (with James Ransome, Auerbach, 2021) focuses on software security for continuous development practices and DevOps. Brook helps clients with their software security and secure design practices, and he mentors technical leaders to deliver security strategy effectively. He is a technical leader and advisor to Resilient Software Security, LLC and True Positives, LLC. Previously, he technically led product security architecture at McAfee (Intel) and Cisco Engineering, IT security architecture at Autodesk, and Web and Application Security for Cisco Infosec. He is a founding member of IEEE’s Center for Secure Design and is a featured Security Architect at the Bletchley Park Museum of Computing. He is the originator of Baseline Application Vulnerability Assessment (BAVA), Just Good Enough Risk Rating (JGERR), Architecture, Threats, Attack Surfaces and Mitigations (ATASM), and developer-centric security. He contributed to Core Software Security (CRC Press, 2014), and co-authored The Threat Modeling Manifesto (2020), Avoiding the Top 10 Security Design Flaws (IEEE, 2014), and Tactical Threat Modeling (SAFECode, 2017).