OWASP MSP March Chapter Meeting

Welcome to OWASP MSP in 2016

Our March Chapter meeting is scheduled for March 8th.

Location - Best Buy Hq - Use the Visitor parking off Penn and the Visitor Entrance.

We welcome Matt Tesauro: Matt Tesauro is the Senior Software Security Engineer at Pearson and was previously the Senior Product Security Engineer at Rackspace. He is also an Adjunct Professor for the University of Texas Computer Science department teaching the next generation of CS students about Application Security. Matt is broadly experienced information security professional of 15 years specializing in application and cloud security. He has also presented and provided trainings at various international industry events including DHS Software Assurance Workshop, OpenStack Summit, SANS AppSec Summit, AppSec US, EU and LATAM. His work has included security consulting, penetration testing, threat modeling, code reviews, training and teaching at the University of Texas and Texas A&M University. He is a former board member of the OWASP Foundation and project lead for OWASP AppSec Pipeline & WTE project - a collection of application security testing tools. He holds two degrees from A&M University and several security and Linux certifications.

Doing App Sec at Scale -

How many applications are in your company’s portfolio? What’s the headcount for your AppSec team? Whatever your situation is, I am sure the numbers are not in your favor. Its not time to find a new career, it’s time to up your game. This talk will cover how to take your small merry band of AppSec professionals and scale it up to a virtual army. By taking the best of DevOps, Agile and CI/CD, you can iteratively up your AppSec game over time and begin your ascent out of the security hole you are in.

The talk covers real world experiences running AppSec groups at two different companies. Rackspace with approximately 4,000+ employees and Pearson with 40,000+. Both have an international presence and far more apps and developers that AppSec staff. The talk covers the key principles to speed and scale up AppSec programs as well as practical examples of these practices put into use. Example results? How about under a minute to provision recurring static scanning of an application? How about 24/7 remediation advice available to any developer – even while you sleep. Report generation – in minutes. Automation, Orchestration, ChatOps, its all in our AppSec Pipeline. Start early and begin to buy down the technical security dept which feels inevitable using traditional AppSec program thinking.

Please register at:

https://www.eventbrite.com/e/owasp-msp-march-2016-chapter-meeting-tickets-22067016039