(ISC)² Security Congress 2021 - Career Center & Recordings
DateOctober 17, 2021Speaker
Social Conversation & Etiquette Expert
DateOctober 17, 2021Speaker
Certified Body Language Coach
DateOctober 17, 2021Speaker
Chief Success Officer, Computer Coach Training Center
DateOctober 17, 2021Speaker
Chief Success Officer, Computer Coach Training Center
DateOctober 17, 2021Speaker
Executive Bench Consultant, RHR International
DateOctober 17, 2021Speaker
Chief Success Officer, Computer Coach Training Center
DateOctober 18, 2021How do you measure the effectiveness of security? In 2016, we established a security function within software engineering. Taking a software engineering approach to security, we created testing services, hired developers to build tools, conducted secure code reviews and created our AppSec training program. In 2020, we challenged ourselves to evaluate the effectiveness of our program by analyzing the impact of our team’s services on pen-test findings. A three-month data analysis found that development teams working with us fixed their pen-test findings faster and had significantly fewer new pen-test findings than teams we didn’t work with. In this talk, we will share the specific application security practices that led to these improved outcomes, and how we adjusted our services in response to our findings.Objectives
- Identify the key application security practices that have been shown to reduce risk.
- Understand how to analyze the security data and adjust a program in response.
- Know how to set up and run a experiment to evaluate the effectiveness of a security control.
Speakers
Principal Engineer, Express ScriptsSean Scott, MSAgile Product Manager, Lumen
