OWASP has certainly pushed forward a lot of great advancements in Software Security Assurance, yet you’re still fighting your organization to allow you to scan applications before they go live. Somewhere between the avalanche of site breaches, new technologies, and new apps, you’re going to need a better strategy. Let’s face it, if you want to keep playing the game with today’s rules, you’re going to need a bigger shovel… or you can simply choose to evolve your game. Combining a practical ‘workshop-style exercise’ and a lecture-style talk, this session covers and demonstrates some of the challenges of software security – and why you’re having all this trouble in your day job. This talk will cover why Software Security Assurance programs are still lagging in a majority of organizations, and provide a critical look at how a shift in strategy can help you fall behind a little slower.
Rafal Los, Enterprise and Cloud Security Strategist for Hewlett-Packard Software, combines over a decade of deep technical expertise in information security and risk management with a critical business perspective. From technical research to building and implementing enterprise application security programs, Rafal has a proven track record with organizations of diverse sizes and verticals. He is a sought-after speaker at both public and private information security and quality conferences, and has presented at events produced by OWASP, ISSA, SecTor, Black Hat, Defcon, SANS, and many others. Staying active and contributing to the community, he participates in OWASP, the Cloud Security Alliance, and other industry groups. His blog, Following the White Rabbit, with his unique perspective on enterprise security and cloud, has amassed a following from his industry peers, business professionals, and even the media, and can be found at http://hp.com/go/white-rabbit. Prior to joining HP, Los defined what became the software security program and served as a security lead at a Global Fortune 100. Los also contributed to the global organization’s security and risk-management strategy internally and with their customers. Rafal prides himself on being able to add a ‘tint of corporate realism’ to information security. Rafal received his B.S. in Computer Information Systems from Concordia University, River Forest, Ill.