OWASP LA Monthly In-Person Meeting - Aug 27, 2025

TOPIC: Conquering Castle Envy – The Flawed Mindset That’s Holding Application Security Back
Join us for great networking, dinner and drinks, and see a presentation by Jeff Willams, Co-Founder and CTO, Contrast Security

ABSTRACT: Application security has spent 25 years stuck in the wrong mindset — treating software like a castle that can be fortified, inspected, and declared secure. That mental model leads to confident failure: endless scanning, training, and compliance rituals that rarely stop real threats. In this talk, we’ll re-examine AppSec’s go-to tools — threat modeling, scanning, pentesting, firewalling — through a new lens, so you can see why they keep falling short. The problem isn’t effort. It’s context. You’re trying to secure a living, breathing software city using a blueprint for a castle.

We’ll introduce a new model: Runtime Security. This isn’t theory — it’s about observing real production environments, with real users, data, connections, and threats. We’re not trying to secure a castle. Your application ecosystem is a massive, dynamic city — alive, interconnected, and always under construction. It needs monitoring, coordination, fast response, and resilience — not moats and silos. We’ll show how teams are using runtime visibility and feedback loops to focus on what matters, adapt quickly, and prove they’re making a difference. The most serious AppSec threat isn’t in your code — it’s in your head. Shift your thinking, and everything else starts to fall into place.

Thanks to our SPONSOR: Contrast Security
You can't stop what you can't see
Application Detection and Response for Modern Enterprises
Stop attacks in your applications and APIs from development to production

CODE OF CONDUCT
We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:
https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy