How do you describe your job to average people?
I say that I provide projects with application security expertise to ensure that application design and implementation are secure for people to use on daily basis. I also direct and monitor developers through application security code review to ensure they apply all application security standards within their application development. Further, I provide application security testing services, define the proper test scopes and perform penetration testing on all sorts of applications.
Why did you get into IT security?
I have always been interested in application security. I had been working in the development world for 12 years and then moved on to the application security world. My previous experience in software application development made the transition to application security much easier.
What was one of your biggest challenges?
Development teams often ignore application security requirements in order to meet all their hard-pressed deadlines and requirements. I worked closely with the developments team – starting from the beginning of the development lifecycle – to implement application security as a feature rather than a later add-on. I was able to get the development teams to implement all the application security standards and requirements with slight to no effect on their timelines.
What keeps you up at night?
Keeping up to date with new application security trends and having to translate that to scenarios that are easy for IT personnel to understand and implement.
Of what are you most proud?
Implementing the ASAP (Application Security Assurance Program) within our IT communities, and the fast adoption of it across all departments.
For what would you use a magic IT security wand?
The purpose of simplifying the application security for development communities in order to increase the speed of adopting application security in the development life cycle, as well as change the approach to application security for more of pro-active rather than re-active.