CISOs know the power of security as a driver of business, but other stakeholders often equate security with compliance. Security shouldn’t be viewed as a controlling organ; seen that way, it will stall innovation and become a blocker for deploying new techniques. Implemented and evaluated correctly, new security tools should speed up development processes and enable innovation.
So how do you measure success in app sec?
There are several methods that define the success of a new tool. New tools have to live up to, and in most instances exceed, the existing solutions in place, and should help developers do their job more efficiently.
Here we discuss the relevance of pre-planning and of defining clear success criteria to get the most out of any solution decided upon. We draw parallels to real-world examples of companies that have found success by optimising the time spent on evaluating and implementing new tools.
This segment is sponsored by Detectify.
Travis Isaacson - Technical Expertise Manager at Detectify
Travis Isaacson is Technical Expertise Manager at Detectify, where he helps customer security teams utilize the latest crowdsourced vulnerability research in their automated security practices and keep web apps secure. Travis has a background in supply chain logistics and digital AdTech. Outside of office hours, he enjoys dabbling in ethical hacking and bug bounties.
Jason Albuquerque - CIO & CSO at Carousel Industries
Jason Albuquerque is the CIO & CSO at Carousel Industries.
Matt Alderman - Executive Director at CyberRisk Alliance
Strategic Advisor at Automox, security consultant, and wizard of entrepreneurship.
Paul Asadoorian - Founder at Security Weekly
Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.