Tools Vs People: Is your AppSec budget adequately addressing both?

For a long time, organisations have been aware of the growing application security risk surrounding their software. With data breaches seemingly announced every other day, many are working quickly to lower their risk exposure and secure the valuable data that could potentially be accessed by unscrupulous attackers.

The strategy employed to mitigate risk is often tool-centric, with SAST/IAST/DAST scanning tools playing a major role in finding vulnerable code that could be exploited within applications. However, with the immense cost and frequently ineffective results, many companies are searching for their "magic bullet" to reduce risk.

Meet a panel of experts who will tell their stories of success, including their own strategies for balancing tools with adequate training and people investment, in order to achieve the security best practice needed to safely navigate a world of increased scrutiny and attack potency.
Recorded Jun 30 2020 44 mins
Presented by
Cedric Levy Bencheton, Lee Thurlow, Lewis Bramfitt, Reena Shah
  • How to Speak Security in the Board’s Language May 26 2021 3:00 pm UTC 60 mins
    Espen Agnalt Johansen Director of Security @ Visma
    Hear from Espen Agnalt Johansen Director of Security @ Visma about how to speak security in a language that will get the board's attention
  • How to Develop a Security First Culture May 26 2021 2:00 pm UTC 60 mins
    Maria Morris Application Security Engineer @ Blue Prism
    We know that humans are the weak link in a system, and they’re also the ones writing the code. We also know that deep down, people want to do the right thing, but sometimes just don’t know how to do that. Security can take a backseat to budget and timescales, so how do we still keep focused on security? By evolving a Security First culture, you can help to address these concerns. In this talk, we will be discussing practical ways to encourage a Security First culture in your organisation.
  • Why You Need to Mobilize your Cyber Jedi Academy May 26 2021 1:00 pm UTC 60 mins
    Gustav Lundsgård, Software Security Product Owner at IKEA.
    As part of our Leaders in AppSec series, we hear from Gustav Lundsgård, Software Security Product Owner at IKEA.
    Amidst the digital revolution and the change that affects human behavior, IKEA have had to rapidly change the way we do IT and software development. Two years ago, we set out to change (almost) everything we do and how we look at software security. In this presentation, we will focus on our Cyber Jedi Academy, a community, created to empower software developers within IKEA to address and work with security. The presentation will cover what we’ve learnt from running the academy for a year, and how we’ve come to change many things, such as why we must adopt team-centric security and how this optimizes the security work within teams.
  • Panel Discussion: The Changing Face of Software Security May 26 2021 12:00 pm UTC 60 mins
    Mourad Yesayan Managing Director Paladin Capital Group & Reena Shah Director Cyber Security Strategy London Stock Exchange
    Developers and secure coding seem to go together like Apple and Microsoft... it's possible, but there are a lot of unknowns, errors, and compatibility issues. They have other priorities, and security is often placed on the backburner in favour of feature-building. It's time we got to the bottom of this disconnect.

    Our research revealed that more than 88% of developers find coding securely challenging. With software being at the heart of all organizations, we invite you to join us to discuss this and other brand new findings into developer attitudes to application security practices. In this session, we will discuss with our panel experts Mourad Yesayan from Paladin Group and Reena Shah from London Stock Exchange Group what developers really think about secure coding, and how this can ultimately affect the integrity of your business.

    Discover:
    - How many companies are actually producing secure code
    - How secure coding varies between regions
    - Whether or not secure coding could help to keep the valuable developers in your organization.
  • Is Security a Developer's Problem? Recorded: Mar 25 2021 57 mins
    Jonny Tennyson - Head of CS at Irius Risk, Stefania Chaplin - Sales Engineer at Secure Code Warrior
    Technology has exploded. And it ALL needs to be secured. Yet, security teams don’t have the manpower to cover all bases in times of rapid technological growth and evolving cybersecurity threats.

    In this discussion we cover the big questions:

    Is security exclusively the problem of security teams?
    Is it only security teams that determine what can go wrong?
    Is tooling really the answer?

    Join us, we're sure you'll pick up something new and interesting.
  • Upskilling: The Missing Link to Close The Security Gap For AppSec Recorded: Mar 24 2021 28 mins
    Peter Robinson, Head of Security at Zip, and Jaap Singh, Co-Founder of Secure Code Warrior
    We continue to face an enormous shortfall in security-aware developers in the workforce. With cyber threats increasing globally and the recurrence of common vulnerabilities in our code, it’s crucial we obtain the skills to protect the software and critical infrastructure we rely on.

    Rather than investing in more tools, is upskilling the answer?

    Hear from Peter Robinson, Head of Security at Zip, and Jaap Singh, Co-Founder of Secure Code Warrior & AppSec Trainer for an insightful discussion on why upskilling cybersecurity skills within the workforce is essential to closing the security gap.

    Discussion topics include:

    - How equipped are organisations to upskill their cyber capabilities?

    - With the rapid transition to remote working and digitalisation, how important has application security become in the cybersecurity mix?

    - The importance of the human factor and ongoing training to minimise security risks.

    - Standards and certifications: What to look for when recruiting security-aware professionals.
  • (APAC) Upskilling: The Missing Link to Close The Security Gap For AppSec Recorded: Mar 24 2021 28 mins
    Peter Robinson, Head of Security at Zip, and Jaap Singh, Co-Founder of Secure Code Warrior
    We continue to face an enormous shortfall in security-aware developers in the workforce. With cyber threats increasing globally and the recurrence of common vulnerabilities in our code, it’s crucial we obtain the skills to protect the software and critical infrastructure we rely on.

    Rather than investing in more tools, is upskilling the answer?

    Hear from Peter Robinson, Head of Security at Zip, and Jaap Singh, Co-Founder of Secure Code Warrior & AppSec Trainer for an insightful discussion on why upskilling cybersecurity skills within the workforce is essential to closing the security gap.

    Discussion topics include:

    - How equipped are organisations to upskill their cyber capabilities?

    - With the rapid transition to remote working and digitalisation, how important has application security become in the cybersecurity mix?

    - The importance of the human factor and ongoing training to minimise security risks.

    - Standards and certifications: What to look for when recruiting security-aware professionals.
  • Marks and Spencer: Why AppSec Gets the Short End of the Security Budget Stick Recorded: Feb 25 2021 28 mins
    Lee Thurlow, Head of AppSec @Marks and Spencer
    In this interview with Lee Thurlow, Head of AppSec at Marks and Spencer we discuss why AppSec is usually put towards the bottom of the list when it comes to the overall security budget. In this session you will learn:
    - How to change the narrative to position AppSec as a high priority for your organisation
    - Lee's top tips for great AppSec achievements
  • Marks and Spencer: Why AppSec Gets the Short End of the Security Budget Stick Recorded: Feb 25 2021 28 mins
    Lee Thurlow, Head of AppSec @Marks and Spencer
    In this interview with Lee Thurlow, Head of AppSec at Marks and Spencer we discuss why AppSec is usually put towards the bottom of the list when it comes to the overall security budget. In this session you will learn:
    - How to change the narrative to position AppSec as a high priority for your organisation
    - How the cost of breaches is rapidly increasing
  • Beyond Compliance: Tips to Deliver Engaging Application Security Recorded: Jan 19 2021 49 mins
    Scott Russo, Cloud Security Manager
    About this Webinar
    Do your development teams treat application security training as a check the box exercise? Do you wish they would engage more with cybersecurity and even take ownership? This session covers tips for creating an application security training program where developers will come to you! And you can accomplish this without having to build your training from the ground up. Join this session to learn a few practical tips on how to make an outstanding application security training experience.

    Key items:

    - How to create an engaging story to draw an audience
    - Making Buy vs Build & Optional vs Mandatory decisions
    - Applying basic marketing principles to training
    - Attracting a community of instructors
  • (APAC) Beyond Compliance: Tips to Deliver Engaging Application Security Recorded: Jan 19 2021 49 mins
    Scott Russo, Cloud Security Manager
    About this Webinar
    Do your development teams treat application security training as a check the box exercise? Do you wish they would engage more with cybersecurity and even take ownership? This session covers tips for creating an application security training program where developers will come to you! And you can accomplish this without having to build your training from the ground up. Join this session to learn a few practical tips on how to make an outstanding application security training experience.

    Key items:

    - How to create an engaging story to draw an audience
    - Making Buy vs Build & Optional vs Mandatory decisions
    - Applying basic marketing principles to training
    - Attracting a community of instructors
  • What is DevOps? Recorded: Nov 17 2020 26 mins
    Jim Manico, Founder, Manicode Security
    Key Takeaways:
    * What culture changes from traditional development (agile) to DevOps?
    * What are the ways to integrate security testing into DevOps CI/CD pipelines?
    * What kind of experimentation and staff is needed to effectively roll out DevOps programs?
  • Best Practices for Achieving an Awesome SOC 2 Report Recorded: Sep 10 2020 25 mins
    Vincent Gilbert, Information Security Lead @ Fundapps & Stefania Chaplin, Solutions Architect @ Secure Code Warrior
    Taking on a SOC report project can sometimes feel extremely overwhelming. That's why we've teamed up with some industry experts to talk through some of their top tips for getting a SOC 2 report. Watch this webinar to learn:
    - What a report looks like
    - What the difference is between a Type 1 and a Type 2 report
    - What controls are needed
    - Top tips for when trying to get a SOC 2 report
    - How coding practices come into play in SOC 2
  • Embedded Systems and Empowering Your Team Recorded: Jul 7 2020 31 mins
    Matias Madou & Stefania Chaplin
    Smart Products, Internet of Things, Automated Control and Management of production and distribution systems are just some of the things fueling the development of embedded systems. But as we rely more and more on products and processes that have embedded software what are the impacts of security vulnerabilities in those systems for their operation, privacy and safety and how do we mitigate them?

    Hear from Secure Code Warrior's CTO Matias Madou on the steps you can take to reduce the number of common vulnerabilities in the systems you produce whilst accelerating time to delivery and reducing costs.
  • Tools Vs People: Is your AppSec budget adequately addressing both? Recorded: Jun 30 2020 44 mins
    Cedric Levy Bencheton, Lee Thurlow, Lewis Bramfitt, Reena Shah
    For a long time, organisations have been aware of the growing application security risk surrounding their software. With data breaches seemingly announced every other day, many are working quickly to lower their risk exposure and secure the valuable data that could potentially be accessed by unscrupulous attackers.

    The strategy employed to mitigate risk is often tool-centric, with SAST/IAST/DAST scanning tools playing a major role in finding vulnerable code that could be exploited within applications. However, with the immense cost and frequently ineffective results, many companies are searching for their "magic bullet" to reduce risk.

    Meet a panel of experts who will tell their stories of success, including their own strategies for balancing tools with adequate training and people investment, in order to achieve the security best practice needed to safely navigate a world of increased scrutiny and attack potency.
  • Non-functional, Non-optional - Security’s Role in a World of Software Recorded: Jun 30 2020 29 mins
    Grant Ongers, Global Board of Directors at OWASP Foundation | CTO Secure Delivery
    IT Security Specialist, Grant Ongers will take a look at:
    - The rapid changing world of software
    - How security is becoming a non-optional aspect of software development
    - Importance of shared security responsibility between traditional security and development teams
  • What is DevOps? Recorded: Jun 30 2020 27 mins
    Jim Manico, Founder, Manicode Security
    Key Takeaways:
    * What culture changes from traditional development (agile) to DevOps?
    * What are the ways to integrate security testing into DevOps CI/CD pipelines?
    * What kind of experimentation and staff is needed to effectively roll out DevOps programs?
Enabling developers to write secure code.
Secure Code Warrior® is the secure coding company. We have developed an online secure coding platform that helps Developers to think and act with a security mindset every day. Companies can then scale their secure coding excellence as coders and Development teams build and verify their software security skills, gain real-time advice, and monitor skills development.

  • Title: Tools Vs People: Is your AppSec budget adequately addressing both?
  • Live at: Jun 30 2020 3:00 am
  • Presented by: Cedric Levy Bencheton, Lee Thurlow, Lewis Bramfitt, Reena Shah