Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Friday, July 1 • 12:25 - 13:10
AppSec Awareness: A Blue Print for Security Culture Change

Sign up or log in to save this to your schedule and see who's attending!

How does an individual change the application security culture of an organization? By designing and deploying an application security awareness program that contains engaging content, humor, and recognition. Application security awareness is part security knowledge, part lessons learned from history, and action to improve security into the future. Each company has an application security culture, but most of them need a boost. 

This session is about exposing each audience member to a successful blue print for how they can build an application security awareness program of their own. The content is based on five years of real life experience implementing application security awareness in a large enterprise reaching 30,000 people. Go beyond traditional security awareness, and dive deep into changing the DNA of those who code, test, and deploy applications within their organization. 

The session uses the illustration of building a house, with six points used to show the ideal way to construct a successful application security awareness program. We move from answering what is application security awareness, to providing the details for how anyone can build a program of their own. This advice is from real life experience; this is how we did it, and how anyone in the audience can use this blue print to deploy their own program. 

The six blueprints are: 

Mission: how to define and build a team to support 
Program architecture: design a program that covers all roles and recognizes achievements, on a budget 
Curriculum: what to teach, and how to decide what to include 
Humor: how to use humor to engage the audience 
Content Creation: how to build application security learning that people want to enjoy 
Tools: things you can add to enhance the program's organizational visibility 

I'll share all that I have learned over the past five years on this topic, summarized into a 45 minute window. This includes best practices, lessons learned, and experience as a pioneer in the creation of this type of program. I've built a super successful program, and want to empower and enable others to build similar programs.

Speakers
avatar for Chris Romeo

Chris Romeo

CEO, Security Journey
Chris Romeo is CEO, Principal Consultant, and co-founder of Security Journey. His passion is to bring application security awareness to all organizations, large and small. He was the Chief Security Advocate at Cisco Systems for five years, where he guided Cisco’s Security Advocates, empowering engineers to "build security in" to all products at Cisco. He led the creation of Cisco’s internal, end-to-end application security awareness... Read More →


Friday July 1, 2016 12:25 - 13:10
Room D (Tiziano Ballrom Sec. 3)

Attendees (28)