Implementing a Practical AppSec Program: Expert Insights on Strategy & Execution
In application security, recognizing threats is just the beginning. Real success requires choosing the right tools, adopting effective methodologies, and integrating security practices into development gates across the software development lifecycle — from "shift left" early-stage strategies to "shift right" monitoring post-deployment. As these elements converge, a challenge for security leaders emerges: designing a resilient, practical program that adapts to new challenges while consistently prioritizing and mitigating real-world risks.
Mic McCully of Oligo Security will lead the panel discussion. He'll be joined by experts Dustin Lehr, Sr. Director of Platform Security at Fivetran, and Naor Penso, Head of Product Security at FICO.
During the session, we'll dive into:
- Alert Overload and False Positives: The struggle of sifting through overwhelming alerts, discerning genuine threats from a sea of false positives, and the implications of both.
- Understanding Reachability: Delving into core considerations that define 'reachability' in application security, weighing the insights derived from both pre-deployment and post-deployment evaluations.
- Shaping a Proactive Culture: Transitioning from reactive measures to proactive teamwork. Overcoming trust barriers by fostering and empowering security champions within development teams, ensuring security becomes a shared responsibility.
Sponsored by:
Speakers
InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.
With a career spanning over two decades, Naor is a highly experienced cybersecurity executive with a track record of building, growing, and leading large cybersecurity organizations. In his current role as Head of Product Security at FICO, Naor leads teams of dozens of cybersecurity experts, working to protect the company and its customers. Naor has a proven track record of developing and implementing effective security strategies across all cybersecurity domains and driving their execution at an enterprise scale in both the public and private sectors. Beyond his leadership role, Naor also dedicates time contributing to the open source community, mentoring and promoting startups in cybersecurity, demonstrating his commitment to advancing the field through innovation and collaboration.
Before shifting into cybersecurity leadership, Dustin spent 13 years as a software engineer and application architect in a variety of industries, including retail, DoD, and even video games. This background has helped him forge close partnerships with development teams, engineering leaders, and software security advocates to design security programs that maximize engagement. Today, Dustin is the Sr. Director of Platform Security at Fivetran plus the Co-founder and Chief Solutions Officer at Katilyst Security, which helps companies build security culture and security champion programs. He also founded and co-leads the open discussion remote meetup Let’s Talk Software Security! and authored The Security Champion Program Success Guide.
Mic is an experienced senior security advocate who has spent his career evangelizing security software as a business enablement solution in some of the earliest security startups, as well as in significant positions within leading global security software enterprises. His security diversity throughout his tenure has led to experience in various domains, including application security, mobile security, data level security, network security, and developer-focused security. Today, Mic is the Director of Solution Engineering at Oligo Security, helping to evangelize and share the power of the Oligo platform.