AppSec Europe 2016 has ended
Friday, July 1 • 12:25 - 13:10
AppSec Awareness: A Blue Print for Security Culture Change

How does an individual change the application security culture of an organization? By designing and deploying an application security awareness program that contains engaging content, humor, and recognition. Application security awareness is part security knowledge, part lessons learned from history, and action to improve security into the future. Each company has an application security culture, but most of them need a boost. 

This session is about exposing each audience member to a successful blueprint for how they can build an application security awareness program of their own. The content is based on five years of real-life experience implementing application security awareness in a large enterprise reaching 30,000 people. Go beyond traditional security awareness, and dive deep into changing the DNA of those who code, test, and deploy applications within their organization.

The session uses the illustration of building a house, with six points used to show the ideal way to construct a successful application security awareness program. We move from answering what application security awareness is to providing the details for how anyone can build a program of their own. This advice is from real-life experience; this is how we did it, and how anyone in the audience can use this blueprint to deploy their own program.

The six blueprints are: 

Mission: how to define and build a team to support 
Program architecture: design a program that covers all roles and recognizes achievements, on a budget 
Curriculum: what to teach, and how to decide what to include 
Humor: how to use humor to engage the audience 
Content Creation: how to build application security learning that people want to enjoy 
Tools: things you can add to enhance the program's organizational visibility 

I'll share all that I have learned over the past five years on this topic, summarized into a 45-minute window. This includes best practices, lessons learned, and experience as a pioneer in the creation of this type of program. I've built a super successful program, and want to empower and enable others to build similar programs.

Chris Romeo

Security Journey
Chris Romeo is CEO and co-founder of Security Journey and is a builder of security culture influencing education. His passion is to bring security culture change to all organizations, large and small, by providing gamified security programs. Chris is a highly rated industry speaker...

Friday July 1, 2016 12:25 - 13:10 CEST
Room D (Tiziano Ballroom Sec. 3)