Social Engineering your entire company, bootstrapping an AppSec program

I have built and rebuilt security programs at places like 1Password and Red Canary. I have had the privilege to work with people like Tanya Janca, Jim Manico and Jeremiah Grossman. All this time working with these AppSec people, I started to see some problems in modern AppSec. I never heard people really dig into these problems in talks. So I set out to apply my solutions and see if we got farther along than most companies do with a healthy AppSec program and security culture. I was successful in implementing this at my current employer, Red Canary. This talk is about how I did it, my failures and wins, and why we are looking at this all wrong.

In this talk I go over the basics of building or rebuilding an AppSec program (tools, etc.); however, I bring in a different perspective: social engineering culture, programs and people. Becoming a good leader with hiring and management skills. How to actually implement all of these tools and policies without creating a war. Finally, building bridges and relationships through the entire company to make AppSec one of the most valued teams. This may sound too good to be true. Well, it’s hard work and takes time, but we have an amazing team, program and culture at my workplace now. Let’s dig in and social engineer a great culture and steal some cues from our unknowing salespeople.
