OWASP MSP Chapter Meeting

Details
This meeting we welcome Yan Kravchenko, local chapter member and contributor to the SAMM project.
Evolution of Application Security Programs through OWASP SAMM 2.0
Application security has become one of the most important frontiers for protecting digital assets and has effectively changed the focus from protecting network perimeters to ensuring security around dozens, hundreds, or even thousands of applications. The rapid growth of applications developed in each organization is fueled by the availability of data and by rapid-development programming languages and platforms, which make it feasible to create robust applications in a fraction of the time compared to even a few years ago. Combined with a wide range of development methodologies, challenges for Application Security Programs have never been higher.
This session will cover some of the latest trends in increasing the effectiveness of Application Security Programs through the lessons learned from the evolution of OWASP's Software Assurance Maturity Model. The presentation will include practical suggestions aimed at increasing the ability to measure, manage, and improve Information Security Programs, while forming stronger relationships with product owners and developers. It will also cover what everyone can expect out of OWASP SAMM 2.0 and what we can all do to help make SAMM 2.0 more helpful and relevant in the future.
Bio:
Yan Kravchenko, CISSP, CSSLP, CISA, CISM
Yan is passionate about finding ways for organizations to balance their business objectives with the ever-growing cybersecurity and regulatory challenges. Today, as Chief Technology Officer of Truonix, Yan is focused on one of the latest frontiers in the field of security: application security. In this role, Yan is creating innovative tools and services for complex enterprises to understand their application security risks and optimize their security investments. In dealing with the ever-changing cybersecurity threat landscape, Yan brings the ability to interpret and apply technical, legal, and business information to enable his clients to make informed decisions.
Over the past 20 years, Yan has worked through many IT and security evolutionary trends, learning different ways to evaluate, understand, and remediate cybersecurity risks. As a consultant, Yan performed countless security and regulatory assessments on frameworks including HIPAA/HITECH, HITRUST, PCI, NIST-CSF, ISO, and DEA EPCS. As the Chief Information Security Officer for a technology and cloud provider, Yan led all aspects of information security, privacy and regulatory compliance while mentoring and developing team members.
Yan is a frequent presenter at national and international conferences on topics ranging from advanced security and governance to application security and the evolution of the security industry as a whole.
