How to Start and Mature your App Sec Program

About this Talk

The AppSec programs of today are vastly different than they were, say, 10 years ago. A strong AppSec program requires proactive attention, and this is true for organizations developing their own software as well as those using products developed by third parties. No matter whether your organization is at the very beginning of this process or has already embarked on an AppSec journey, this session will offer insight into key aspects of a robust AppSec program. We will examine actionable tactics to set and achieve objectives required to consistently mature the security stance of any organization. The session will also explore various software assets, threat actors, and how the human element plays a key role. Additionally, we will review real-world, diverse organizational structures with which I have worked and dive into various strategies taken to implement a mature AppSec program within these organizations. Attendees will also learn about various challenges that may emerge when ramping up your program and how to avoid or overcome them.

A recording of my presentation at BSides Knoxville titled “How to Start and Mature your App Sec Program”