Abstract:
Security practitioners - the Sisyphus of information technology. We stand with a huge mass of developers creating new content every day, and we trust the training that we offer them, our own abilities as subject matter experts, in the tools we create and the methods we suggest. And still, the application security debt keeps growing and flaws we thought were already well-understood keep reappearing. This talk proposes yet another way of working with developers, testers and architects to address the gaps between training and coding, design and implementation, security testing and making sure that the security practitioner has enough timely information to be able to influence development rather than run after fixing the next version. These are supported by observation and interaction with many distinct development teams, feedback from peer practitioners, and pilot tests.

by Izar Tarandach, Lead Product Security Architect of Autodesk Inc.

Izar Tarandach is Lead Product Security Architect at Autodesk inc.. Prior, he was the Security Architect for Enterprise Hybrid Cloud at Dell EMC, for long before a Security Consultant at the EMC Product Security Office. With more years than he's willing to admit to in the information security arena, he is a core contributor to the SAFECode training effort and a founding contributor to the IEEE Center for Security Design. He holds a masters degree in Computer Science/Security from Boston University and has served as an instructor in Digital Forensics at Boston University and in Secure Development at the University of Oregon.

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...