Surveying the AppSec Landscape

Recent high-profile software supply chain breaches have naturally sharpened the focus on application security. However, as cybersecurity professionals know all too well, concern doesn’t always equate to action. In theory, the rise of DevSecOps best practices that shift responsibility for application security further left should reduce, or outright eliminate, the vulnerabilities that now routinely make it into production applications. Unfortunately, it’s still early days as far as DevSecOps is concerned, so the impact this shift might have is, at best, limited, especially when you consider the level of security knowledge the average developer possesses. Cybersecurity professionals know in their bones that developers are the root cause of most of the issues they face daily. It’s not that developers deliberately build and deploy vulnerable applications; rather, they simply don’t know what to look for. By the time the application is scanned—usually a few days before it’s supposed to be deployed—it’s too late to do much more than make note of the security flaws that need to be addressed. Breaking that cycle will require cybersecurity teams to meaningfully engage developers much earlier in the application development life cycle.

Please join us for a discussion of challenges organizations are encountering as they move to shift responsibility for application security further left at a time when software supply chains are coming under more scrutiny than ever.

Scott Gerlach

Co-founder and Chief Security Officer, StackHawk

Scott Gerlach is Co-founder and Chief Security Officer at StackHawk, a Denver-based startup focused on empowering engineers to easily identify and remediate security bugs. Scott brings over two decades of security and engineering experience to his current role, having served as CSO, CISO and in other executive leadership functions at companies including SendGrid, Twilio and GoDaddy. When he's not at work, you'll find Scott spending time with family, brewing beer and playing guitar.

Kyle Suero

Senior Security Advocate, Snyk

Before joining Snyk as a Senior Security Advocate, Kyle was a Systems Administrator, Full Stack Engineer, Developer Evangelist, and AppSec Engineer. He graduated from the Rochester Institute of Technology Computing Security program with a concentration in Forensics & Malware and an immersion in Philosophy. Over years of traveling North America as a Developer Evangelist for the global hackathon community, Kyle developed a passion for teaching people about the practice of security. In his free time, he serves as a member of the board of advisors to Open@RIT and TechTogether.

Stephen Walters

Field CTO for CEM for Digital, xMatters, an Everbridge Company

Stephen works as a Solution Architect for xMatters, an Everbridge Company, providing a Service Reliability Platform for integrating and orchestrating better, faster Incident & Defect Management for Critical Event Management in enterprise-scale corporations. He has extensive expertise with Business and IT Strategy alignment, design, and implementation of Software Development Lifecycle Frameworks, including CMMI, ITIL, TOGAF, SCRUM, SAFe & DevOps.

Matt Rose

Chief Architect, Bionic

Matt is a technical Application Security Testing (AST) leader with more than 20 years of application security leadership. At Bionic, Matt is the key thought leader who helps drive product innovation and direction to help improve application security programs for enterprises across multiple industries. Prior to Bionic, he was a key leader for Fortify and Checkmarx. He has an extensive background in application security, object-oriented programming, multi-tier architecture design and implementation and internet/intranet development.

Webinar

Think About Your Audience Before Choosing a Webinar Title

What You’ll Learn in This Webinar

Register to Watch Now:

this webinar starts in

What You’ll Learn in This Webinar

About the Hosts