Avoiding the Security Iceberg

Using his years of experience on both the customer and consultation sides of application security, Colin shares his best practices to successfully adapt a DevSecOps methodology. You will learn:
- How trust is key to success
- How to nail the easy wins
- How to build guardrails rather than release gates
Recorded Apr 29 2020 23 mins
Presented by
Colin Domney, Security Architect, CyberProof
  • Best Practices for Achieving an Awesome SOC 2 Report Recorded: Sep 10 2020 25 mins
    Vincent Gilbert, Information Security Lead @ Fundapps & Stefania Chaplin, Solutions Architect @ Secure Code Warrior
    Taking on a SOC report project can sometimes feel extremely overwhelming. That's why we've teamed up with some industry experts to talk through some of their top tips for getting a SOC 2 report. Watch this webinar to learn:
    - What a report looks like
    - What the difference is between a Type 1 and a Type 2 report
    - What controls are needed
    - Top tips for getting a SOC 2 report
    - How coding practices come into play in SOC 2
  • Embedded Systems and Empowering Your Team Recorded: Jul 7 2020 31 mins
    Matias Madou & Stefania Chaplin
    Smart products, the Internet of Things, and automated control and management of production and distribution systems are just some of the things fueling the development of embedded systems. But as we rely more and more on products and processes that have embedded software, what are the impacts of security vulnerabilities in those systems on their operation, privacy and safety, and how do we mitigate them?

    Hear from Secure Code Warrior's CTO Matias Madou on the steps you can take to reduce the number of common vulnerabilities in the systems you produce whilst accelerating time to delivery and reducing costs.
  • Tools Vs People: Is your AppSec budget adequately addressing both? Recorded: Jun 30 2020 44 mins
    Cedric Levy Bencheton, Lee Thurlow, Lewis Bramfitt, Reena Shah
    For a long time, organisations have been aware of the growing application security risk surrounding their software. With data breaches seemingly announced every other day, many are working quickly to lower their risk exposure and secure the valuable data that could potentially be accessed by unscrupulous attackers.

    The strategy employed to mitigate risk is often tool-centric, with SAST/IAST/DAST scanning tools playing a major role in finding vulnerable code that could be exploited within applications. However, with the immense cost and frequently ineffective results, many companies are searching for their “magic bullet” to reduce risk.

    Meet a panel of experts who will tell their stories of success, including their own strategies for balancing tools with adequate training and people investment, in order to achieve the security best practice needed to safely navigate a world of increased scrutiny and attack potency.
  • Non-functional, Non-optional - Security’s Role in a World of Software Recorded: Jun 30 2020 29 mins
    Grant Ongers, Global Board of Directors at OWASP Foundation | CTO Secure Delivery
    IT Security Specialist, Grant Ongers will take a look at:
    - The rapidly changing world of software
    - How security is becoming a non-optional aspect of software development
    - Importance of shared security responsibility between traditional security and development teams
  • What is DevOps? Recorded: Jun 30 2020 27 mins
    Jim Manico, Founder, Manicode Security
    Key Takeaways:
    * What culture changes from traditional development (agile) to DevOps?
    * What are the ways to integrate security testing into DevOps CI/CD pipelines?
    * What kind of experimentation and staff is needed to effectively roll out DevOps programs?
  • Dev to DevSec: Secure Developers Are Celebrated as the New Rockstars Recorded: May 26 2020 28 mins
    Ema Rimeike & Magdalena Modric
    Waterfall, Agile, DevOps … it seems that every few years further methods for optimal software creation in organizations appear. Although all these processes have their strengths and weaknesses, the streamlining (and the “previously absent red tape”) they bring can feel like an obstacle to the developer's main goal: BUILDING KICK-ASS FEATURES. This webinar suggests the tactical methods needed to build a successful DevSec strategy. We wish you interesting insights.
  • How to put the "Sec" in "DevSecOps" (and make sure it actually works) Recorded: May 15 2020 29 mins
    Dr. Matias Madou, CTO and Co-Founder of Secure Code Warrior
    The days of a hands-off security approach for developers are over, and with the right training and tools, they can take advantage of this process, upskill their security awareness and stand out among their peers.

    Security expert Dr. Matias Madou, Ph.D. will demonstrate the changes the industry has faced in the journey from Waterfall to DevSecOps, as well as reveal how you, the developer, can become a powerful piece of the DevSecOps pipeline, without compromising the work you love most, all while upskilling and becoming an even more sought-after engineer in the process.
  • Panel Discussion: Security Champions Recorded: Apr 29 2020 39 mins
    Meg Anderson, Principal Financial Group; Marilyn Barrios, Motorola Solutions; Anthony Johnson, Delve Risk; Aaron Bedra, DRW
    This panel of AppSec experts discusses the ins and outs of creating Security Champions in their organizations. They discuss the differences when creating an internal champion vs inviting one in and how that impacts their overall efficiency. The experts agree that prioritizing this role can help foster the creation and resulting impact of a positive organizational security culture.
  • The Evolution of Security Champions Recorded: Apr 29 2020 36 mins
    Meg Anderson, VP/CISO, Principal Financial Group
    In this session, Principal Financial Group VP/CISO, Meg Anderson details how her team went through the process of developing the security champions from within. She describes not only the successes but also the difficulties, pitfalls and mistakes made along the way. Meg aptly outlines how imperative it is to connect across functions within an organization and how the security champion can effectively be the bridge between those groups.
  • Panel Discussion: From Dev to DevSec Recorded: Apr 29 2020 52 mins
    Tash Norris, Moonpig; Grant Ongers, Secure Delivery; Colin Domney, CyberProof
    Waterfall, Agile, DevOps... it seems that every few years, a new methodology is born for optimum software creation within an organization. While these processes all have their strengths and weaknesses, the streamlining (and, er, previously absent red tape) they bring can feel like somewhat of a hindrance to the main goal of the developer: building awesome features. Join our panel of AppSec experts to discuss their journey from Dev to DevSec and how they have overcome the obstacles.
  • How to Utilize Your Own Developers Recorded: Apr 29 2020 39 mins
    Matias Madou, CTO, Secure Code Warrior
    It is estimated that, globally, 111 billion lines of code are produced every single year. In a rapidly digitising world, that number is only set to grow larger... along with the potential for more security issues. We are facing an uphill battle against a general AppSec skills shortage, the need for production at the speed of company innovation, and siloed teams not working to the same application security goals. With over 4 billion records stolen as a result of data breaches in 2019 alone, this has to change.

    Security awareness programmes remain a powerful, yet underutilised tool to inspire organisations to stay security-focused and engage teams to do their part in the fight against vulnerable code.
  • Avoiding the Security Iceberg Recorded: Apr 29 2020 23 mins
    Colin Domney, Security Architect, CyberProof
    Using his years of experience on both the customer and consultation sides of application security, Colin shares his best practices to successfully adapt a DevSecOps methodology. You will learn:
    - How trust is key to success
    - How to nail the easy wins
    - How to build guardrails rather than release gates
  • The AppSec Error Loop Recorded: Apr 29 2020 31 mins
    Pieter Danhieux, CEO, Secure Code Warrior
    For a long time, organisations have been aware of the growing application security risk surrounding their software. With data breaches seemingly announced every other day, many are working quickly to lower their risk exposure and secure the valuable data that could potentially be accessed by unscrupulous attackers.
    The strategy employed to mitigate risk is often tool-centric, with SAST/IAST/DAST scanning tools playing a major role in finding vulnerable code that could be exploited within applications. However, with the immense cost and frequently ineffective results, many companies are searching for their “magic bullet” to reduce risk.
  • Dev to DevSec: Secure Developers Are Celebrated as the New Rockstars Recorded: Mar 19 2020 29 mins
    Ema Rimeike & Magdalena Modric
    Waterfall, Agile, DevOps … it seems that every few years further methods for optimal software creation in organizations appear. Although all these processes have their strengths and weaknesses, the streamlining (and the “previously absent red tape”) they bring can feel like an obstacle to the developer's main goal: BUILDING KICK-ASS FEATURES. This webinar suggests the tactical methods needed to build a successful DevSec strategy. We wish you interesting insights.
Enabling developers to write secure code.
Secure Code Warrior® is the secure coding company. We have developed an online secure coding platform that helps Developers to think and act with a security mindset every day. Companies can then scale their secure coding excellence as coders and Development teams build and verify their software security skills, gain real-time advice, and monitor skills development.

  • Title: Avoiding the Security Iceberg
  • Live at: Apr 29 2020 1:45 am
  • Presented by: Colin Domney, Security Architect, CyberProof