Name: Marks and Spencer: Why AppSec Gets the Short End of the Security Budget Stick
Start: 2021-02-25T02:00:00Z
End: 2021-02-25T02:00:28.000Z
Location: BrightTALK
Rating: 5

Secure Code Warrior is the developer-chosen solution for growing powerful secure coding skills. By making security a positive and engaging experience, our human-led approach uncovers the secure developer inside every coder, helping development teams ship quality code faster.
Through inspiring a global community of security-conscious developers to embrace a preventative secure coding approach, our mission is to pioneer a people-first solution to security upskilling, stamping out poor coding patterns for good.

Join this session to hear from Matt Wilson, Sr Project Manager, and Stefania Chaplin, Solutions Architect from GitLab, and Vikram Ghosh of Secure Code Warrior about the capabilities available to developers on GitLab's DevOps Platform, supporting a developer-led security approach. 

During this session, attendees will be able to grasp security as more than an afterthought, but an active part of the software development life cycle. Additionally, topics such as organizational support, the empowerment of developers, and the contextualizing of relevant and real-time training all will be covered in great detail; with a short demonstration of these tools in action.

Summer Series: Strengthen Left: Develop your Security Muscle

Securely scaling a business with technology best practices is an immense challenge, and can be costly if not done right. Even further, with developers joining the team with varying skill sets and previous work experiences, it is imperative that employees working on the AppSec team are on the same page when it comes to building out the program.

That is where our partner Trace3 can shine. We work with Trace3 to help conduct an initial baseline evaluation of the team, and Trace3 builds out programs based on the results of the Secure Code Warrior assessment. In that way, each organization working with Trace3 has this tool to help build and plan the trajectory of a program; scaling out knowledge and additional skills needs as people are driving security programs. In addition, Trace 3 can act as the bridge for customers by providing leadership to drive the program during this period when finding experienced team members is difficult.

Join Amanda Alvarez, Sr. DevSecOps Engineer, and Steve Allor, VP Worldwide Channels and Partners at Secure Code Warrior, as you will learn how Secure Code Warrior plays a critical role in the planning of an overall AppSec strategy for early, growth, and scaling-up stage businesses.

Summer Series: Building from a strong foundation

When it comes to the security maturity of an organization's development teams, different factors will impact their ability to shift left. In this webinar, Scott Shapiro, SCW’s Director of Product Marketing, will discuss the different stages of security maturity in developer teams and the pitfalls to avoid when working to improve security maturity, and shift security left. Scott will also be joined by Alex Schuchmand, CISO of Palmolive-Colgate who will discuss their approach to building developer security maturity, the challenges faced, and key learnings along the way. You’ll learn:

- Why is the security maturity of developer teams important?
- What are some of the key considerations when building a plan to improve security maturity?
- How can organizations define, adopt and scale the right practices to elevate developer security maturity?

Security maturity in development teams: what, and how?

QA and Secure Code Warrior are both focused on helping enterprises reduce the risks and costs associated with application security by empowering developers to be the first line of defense in their organization. 

In this webinar, you’ll hear from Richard Beck, Director of Cyber at QA, and Steve Allor of Secure Code Warrior as they discuss the increasing demand for secure engineering from the start of code development - by shifting or looking left. 

This engaging webinar will coincide with The Commonwealth Games and the launch of QA’s Secure Engineering Regional & National UK. Get involved and don't get left behind!

From this webinar, you will learn:
- A full overview of QA’s Secure Engineering Program in partnership with Secure Code Warrior, including case study and client testimonials
- How to engage with the wider non-technical engineering community, business analysts, and project and business managers.

Summer Series:  Secure Code by Design

Despite the vast array of security measures adopted by organizations, we continue to see the repercussions of software vulnerabilities. Based on our recent report ‘The State of Developer-Driven Security Survey 2022’, SCW co-founders Pieter Danhieux, Matias Madou, and Nathan Desmet will discuss the findings to uncover the challenges around current secure coding practices and identify the opportunities that organizations can embrace to improve developer security skills, and ultimately software security. Pieter, Matias, and Nathan will discuss:

What do developers prioritize and why?
Why are current secure coding practices problematic for organizations?
What steps can organizations take to improve code security in the application development process?

The challenges (and opportunities) to improve secure coding practices

This session will focus on the challenges organizations can face when implementing a security-first approach to software development and provide ideas and best practices that will help ensure success. The security challenge is especially true within the embedded software market, where privacy and security are going to be a vital component of our future of millions or billions of interconnected devices interacting with humans in every conceivable way. As always, shifting the employee mindset is one of the most difficult undertakings of a security-first approach. In this webinar, we consider these challenges and how we can harness best practices in learning technology and the contextual benefits of shifting left to optimize developer secure code training, ensure that the final software is free from weaknesses, and hopefully create more security-conscious developers for the future. Including: 

- How current cybersecurity trends are changing the embedded software market 
- The Shift Left Movement and what it means for developer learning 
- What is being done to classify and prioritize security vulnerabilities 
- How integrated tools and training can bring optimal results

Shift-left security training and vulnerability detection for embedded systems

With the rise of security breaches stemming from exploitable software vulnerabilities, organizations must look to minimize the risk of successful cyberattacks via their software and applications. The most effective time to eliminate vulnerabilities from code is at the creation stage, and security-skilled developers hold the key to making this a reality. In this webinar, we explore best practices to build and implement a cohesive developer security program, one that helps to simplify and speed up software releases while prioritizing security without compromising innovation. Our experienced panel will discuss:
- Where do organization's struggle when it comes to ensuring the security of their software releases, and why?
- When should development teams rely on tools versus skills?
- How can you instill a positive security culture in your developer teams?

Increase software release velocity with holistic, developer-driven security

Tired of painful audits? Then don’t miss this talk.

The ultimate goal of PCI DSS continues to be ensuring that all sellers safely and securely store, process, and transmit cardholder data. As we increasingly rely on online transactions, it’s fair to say PCI DSS continues to set the bar higher to give consumers assurance. This includes stronger security standards, so CISOs, CTOs, Chief Risk Officers, and Chief Compliance Officers should expect to make more adjustments in order to meet the ever-changing security goalpost. 

Join this talk to prepare your business not just for the next audit, but for audits in years to come. Here’s some of what we’ll cover:

- Hear from an experienced QSA on the gaps they look out for when carrying out an assessment; from the security controls they expect, to evidence they need of the right behaviours. 
- Hear from a Global Head of Security on how to prepare for a painless audit.
- Hear our speakers demystify PCI requirement 6
- Explore ways tools could simplify the process
- Find out practises you should be implementing to stay compliant for the long term.

Key Secrets to a Winning PCI-DSS Audit for Software Companies.

The OWASP Top 10 2021 reflects a significant overhaul, with brand new categories making their debut and injection attacks falling from the #1 spot for the first time. This increased focus on architectural vulnerabilities demonstrates a need to look beyond surface-level bugs when it comes to secure software development. 

But while the OWASP Top 10 provides great guidance on the most common vulnerabilities, organizations must recognize that it’s not a silver bullet to eliminate all software security woes, or even the ones that could be the biggest threat to their business. 

In this webinar, industry experts will offer a perspective on the OWASP Top 10 and how organizations should consider it in their software security programs to truly improve their security posture. We will discuss: 

- How do the changes to the OWASP Top 10 2021 reflect the state of software security?
- What should organizations prioritize when building a software security program for their developer teams?
- What developer-focused strategies should be considered outside of the OWASP Top 10?

If you are unable to attend live, we will send you the recorded after the webinar has gone live.

The OWASP Top 10…. and beyond

Hear from industry experts how they tackle the challenges of engaging stakeholders within security. Speakers include:

- James Rees, MD and Principal Consultant at Razorthorn
- Jon Gray, Technical Information Security Officer at PWC
- Erhan Temurkan, CISO at Bink

Panel Discussion: How to Engage Stakeholders for a Successful Security Program

Why Secure Code Matters - Ciaran Martin, former and founding head of the National Cyber Security Centre, sets out an overview of the harm malicious cyber activity is doing, who is doing it and why, and why structural problems in our technology are the root of the problem. Demanding safer software is a big part of the solution.

Why Secure Code Matters

Recorded live at Leaders in AppSec London - Jon Gray delves into his experience at PWC and beyond, sharing his top tips for communicating within your top security stakeholders.

Selling Your Security Programme to the Board

Between looming deadlines and increased pressure to launch better products faster than the competition, modern-day developers have less time than ever before. Valuable time is often consumed by rework, debugging, and code maintenance - a recent survey found 38% of developers spend up to a quarter of their time fixing software bugs. Over half of developers say if they didn't have to spend so much time fixing bugs, they would have enough time to build new features and functionality.

In this webinar, join experts from Bugcrowd, Secure Code Warrior, and TX Group, as they discuss:

Why vulnerabilities continue to be an issue despite the use of scanning tools
The importance of security testing as a component of the security workflow
How to fix the traditional security training model
How to help your developers find and fix vulnerability issues faster
Steps to leverage crowdsourced security to optimise your security model
Join the discussion to hear how TX Group is addressing this challenge and pick up practical tips to help your development team today.

Shorten your software vulnerability remediation by over 35%

NIST has released its "Guidelines on Minimum Standards for Developer Verification of Software" in response to President Biden's Executive Order on Cybersecurity. With an industry ready and willing to support increasing the security of the Nation's software, there are some in the industry that feel the standards don't go far enough. How specific should these guidelines be? Is NIST focused on what matters? 

Join our panel of industry experts as they discuss NIST's latest release and the future of software security standards.
Welcome panelists:
- Jim Pflaging, Managing Partner, Cynergy Partners 
- Jeff Williams, CTO & Co-Founder, Contrast Security
- Brian Chess, Advisor & Investor, Secure Code Warrior & Contrast Security
- Vikram Ghosh, SVP of Strategic Alliances, Secure Code Warrior

Making Moves with NIST: The future of software security standards

We continue to face an enormous shortfall in security-aware developers in the workforce. With cyber threats increasing globally and the recurrence of common vulnerabilities in our code, it’s crucial we obtain the skills to protect the software and critical infrastructure we rely on.

Rather than investing in more tools, is upskilling the answer?

Hear from Peter Robinson, Head of Security at Zip, and Jaap Singh, Co-Founder of Secure Code Warrior & AppSec Trainer for an insightful discussion on why upskilling cybersecurity skills within the workforce is essential to closing the security gap.

Discussion topics include:

- How equipped are organisations to upskill their cyber capabilities?

- With the rapid transition to remote working and digitalisation, how 
   important have application security become in the cybersecurity mix?

- The importance of the human factor and ongoing training to minimise 
   security risks.

- Standards and certifications: What to look for when recruiting security- 
   aware professionals.

Upskilling: The Missing Link to Close The Security Gap For AppSec

As the first line of defense in your organization, developers are our heroes when it comes to secure coding. Give them a pathway to excel in their skills and reward them for it. From contextual learning tools and real-world simulations, to full certification programs, there are a variety of ways to take your training program to the next level. And as more developers improve their secure coding skills, your organization’s security posture becomes stronger with fewer vulnerabilities being written into your code. 

Join security expert, Stefania Chaplin, who will take a deeper look at secure code training and show you ways to mature your program with Secure Code Warrior. Key topics will include: 
- Relevant real-world simulations with Secure Code Warrior's Missions feature
- Increased contextual learning with Jira and GitHub extensions 
- Certifications that engage and reward developers

Mature Your Security Program

Our expert panel of security professionals discuss pioneering the human approach to secure coding knowledge and remediation. They will uncover key findings from our recent primary research giving insight into developer attitudes to secure coding, secure code practices and security operations and panel discussion.
Learn about creative ways to stamp out poor coding patterns for good, making security intrinsic to developer workflows, and enabling human-led prevention.

Don't miss part 2 - Pioneering developer upskilling at Suncorp

Pioneering a human approach to secure coding - panel discussion Part 1

Audrey Wakefield, Application Security Manager, Suncorp and Kirsty Alsop, Head of Customer Success, Secure Code Warrior discuss: 
Suncorp's approach to developer secure coding upskilling and what has enabled the success of their program
Moving from a compliance mindset to skills uplift mindset
What was achieved in 2020 and what will success look like in Suncorp's secure coding program for 2021
How Secure Code Warrior is supporting Suncorp to achieve their program objectives.

Don't miss part 1 - Pioneering a human approach to secure coding

Fireside chat: Pioneering developer security upskilling at Suncorp - Part 2

In this interview with Lee Thurlow, Head of AppSec at Marks and Spencer we discuss why AppSec is usually put towards the bottom of the list when it comes to the overall security budget. In this session you will learn:
- How to change the narrative to position AppSec as a high priority for your organisation
- How the cost of breaches are rapidly increasing

Marks and Spencer: Why AppSec Gets the Short End of the Security Budget Stick

Application Security

Security Breach

Security Awareness

Information Security

Breach Prevention

Cyber Security

IT Security

Application Development

Budget Finance

Data Breach

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Marks and Spencer: Why AppSec Gets the Short End of the Security Budget Stick

Presented by

About this talk

More from this channel