Watch this webinar to find out why financial institutions are leading the charge to upskill their developers in secure coding, hearing from Capital One on their story.
Recorded Feb 17 2020 | 64 mins
In this interview with Lee Thurlow, Head of AppSec at Marks and Spencer, we discuss why AppSec is usually put towards the bottom of the list when it comes to the overall security budget. In this session you will learn:
- How to change the narrative to position AppSec as a high priority for your organisation
- Lee's top tips for great AppSec achievements
- How the cost of breaches is rapidly increasing
About this Webinar
Do your development teams treat application security training as a check-the-box exercise? Do you wish they would engage more with cybersecurity and even take ownership? This session covers tips for creating an application security training program where developers will come to you, and you can accomplish this without having to build your training from the ground up. Join this session to learn a few practical tips on how to create an outstanding application security training experience.
Key items:
- How to create an engaging story to draw an audience
- Making Buy vs Build & Optional vs Mandatory decisions
- Applying basic marketing principles to training
- Attracting a community of instructors
Key Takeaways:
* What culture changes from traditional development (agile) to DevOps?
* What are the ways to integrate security testing into DevOps CI/CD pipelines?
* What kind of experimentation and staff is needed to effectively roll out DevOps programs?
Vincent Gilbert, Information Security Lead @ Fundapps & Stefania Chaplin, Solutions Architect @ Secure Code Warrior
Taking on a SOC report project can feel extremely overwhelming. That's why we've teamed up with some industry experts to talk through some of their top tips for getting a SOC 2 report. Watch this webinar to learn:
- What a report looks like
- What the difference is between a Type 1 and a Type 2 report
- What controls are needed
- Top tips for when trying to get a SOC 2 report
- How coding practices come into play in SOC 2
Smart products, the Internet of Things, and automated control and management of production and distribution systems are just some of the things fueling the development of embedded systems. But as we rely more and more on products and processes that have embedded software, what are the impacts of security vulnerabilities in those systems on their operation, privacy and safety, and how do we mitigate them?
Hear from Secure Code Warrior's CTO Matias Madou on the steps you can take to reduce the number of common vulnerabilities in the systems you produce whilst accelerating time to delivery and reducing costs.
Cedric Levy Bencheton, Lee Thurlow, Lewis Bramfitt, Reena Shah
For a long time, organisations have been aware of the growing application security risk surrounding their software. With data breaches seemingly announced every other day, many are working quickly to lower their risk exposure and secure the valuable data that could potentially be accessed by unscrupulous attackers.
The strategy employed to mitigate risk is often tool-centric, with SAST/IAST/DAST scanning tools playing a major role in finding vulnerable code that could be exploited within applications. However, with the immense cost and frequently ineffective results, many companies are searching for their "magic bullet" to reduce risk.
Meet a panel of experts who will tell their stories of success, including their own strategies for balancing tools with adequate training and people investment, in order to achieve the security best practice needed to safely navigate a world of increased scrutiny and attack potency.
Grant Ongers, Global Board of Directors at OWASP Foundation | CTO Secure Delivery
IT Security Specialist, Grant Ongers will take a look at:
- The rapidly changing world of software
- How security is becoming a non-optional aspect of software development
- Importance of shared security responsibility between traditional security and development teams
Waterfall, Agile, DevOps … it seems that every few years, yet more methods for optimal software creation appear for companies. Although all of these processes have their strengths and weaknesses, the optimization (and the "red tape that wasn't there before") they bring with them can feel like an obstacle to the developers' main goal: BUILDING KICK-ASS FEATURES. This webinar suggests tactical methods needed to build a successful DevSec strategy. We wish you interesting insights.
Dr. Matias Madou, CTO and Co-Founder of Secure Code Warrior
The days of a hands-off security approach for developers are over, and with the right training and tools, they can take advantage of this process, upskill their security awareness and stand out among their peers.
Security expert Dr. Matias Madou, Ph.D. will demonstrate the changes the industry has faced in the journey from Waterfall to DevSecOps, as well as reveal how you, the developer, can become a powerful piece of the DevSecOps pipeline without compromising the work you love most, all while upskilling and becoming an even more sought-after engineer in the process.
Meg Anderson, Principal Financial Group; Marilyn Barrios, Motorola Solutions; Anthony Johnson, Delve Risk; Aaron Bedra, DRW
This panel of AppSec experts discusses the ins and outs of creating Security Champions in their organizations. They discuss the differences when creating an internal champion vs inviting one in and how that impacts their overall efficiency. The experts agree that prioritizing this role can help foster the creation and resulting impact of a positive organizational security culture.
Secure Code Warrior® is the secure coding company. We have developed an online secure coding platform that helps Developers to think and act with a security mindset every day. Companies can then scale their secure coding excellence as coders and Development teams build and verify their software security skills, gain real-time advice, and monitor skills development.
Capital One's Secure Development Strategy | Russell Wolfe, Dean of Cybersecurity, Capital One | 64 mins