Snyk ASPM Masterclass Series: Chapter 2

This Session Available Now!

  1. Watch Now

About This Series

Application security professionals are struggling. The transition to agile, DevOps, cloud, and the growing use of AI is empowering distributed development teams to build software with greater speed and autonomy. In contrast to the remarkable strides in development methodologies, AppSec teams are still playing catchup, both outnumbered and out-resourced. Given all these challenges, is it truly possible to “master” AppSec?

To that end, welcome to the ASPM (Application Security Posture Management) masterclass, where we will provide Application Security leaders and practitioners with the knowledge and tools to manage a risk-based AppSec program using the principles of ASPM as our guide. Participants will learn how to build AppSec programs which focus on risk, put KPIs in place to measure success, and work more seamlessly with both engineering and c-suite executives. Participants will walk away with the tools and know-how to build, manage and scale an AppSec program that works for your organization.

View the Sessions

       

          

Virtual Event Sessions

  1. Chapter 1: Intro to ASPM | Building better AppSec programs with ASPM

    Now On Demand
    Partnered with:
    1. Snyk

    In this introductory chapter, we will review the foundations of AppSec program building and key concepts. We will also introduce ASPM (Application Security Posture Management) its core principles, and how AppSec practitioners and leaders can apply them in order to build, manage and scale a risk-based AppSec program.

    1. Sonya Moisset Sonya Moisset Senior Security Advocate, DevRel, Snyk
  2. Chapter 2: An AppSec Inspection: Visibility & Coverage

    Watch Now!
    Partnered with:
    1. Snyk

    As the saying goes, you can’t secure what you don’t know. Foundational to any AppSec program is being able to have full visibility into the “assets” which make up our software, and the ability to identify gaps in security coverage of those assets. This chapter will define an “asset” and help participants carry out a gap analysis of their own in order to ensure that critical software is being covered and resources are optimally utilized.

    1. Chen Gour-Arie Chen Gour-Arie Director of Engineering, Snyk
  3. Chapter 3: Creating a Risk Based Blueprint

    Now On Demand
    Partnered with:
    1. Snyk
    2. SentinelOne

    AppSec professionals are swimming in a sea of vulnerabilities, unable to keep up with the pace of development. This chapter will introduce the concept of risk-based AppSec management, enabling our security teams to go from a system of “chasing vulnerabilities” to “managing risk”.

    1. Micah Silverman Micah Silverman Director of Developer Relations, Snyk
    2. Rick Bosworth Rick Bosworth Cloud Security Leader, SentinelOne
  4. Chapter 4: Control the Next Zero-Day

    Now On Demand
    Partnered with:
    1. Snyk
    2. Sysdig

    This chapter will focus on incident response, and what AppSec teams should be prepared to do when a 0-day hits. We will learn how to identify what are the app assets that need an "all hands on deck" response and why due to the nature of zero-day incidents, AppSec deserves its own incident response plan.

    1. Omer Yaron Omer Yaron Senior Research Engineer, Snyk
    2. Alex Lawerence Alex Lawerence Field CISO, Sysdig
  5. Chapter 5: What Does a Successful AppSec Program Even Look Like?

    Now On Demand
    Partnered with:
    1. Snyk
    2. Deloitte

    Can I demonstrate business impact? How do we know if we are “getting better”? Am I eliminating friction with engineering? This chapter will cover common challenges for security leaders involved in developing applications, securing applications and eliminating potential business risk in order to answer the question – Is this working?

    1. Clinton Herget Clinton Herget Field CTO, Snyk
    2. Roman Lavrick Roman Lavrick Sr Manager, Information Security, Deloitte
  6. Chapter 6: Empowering Your Team Members: Creating a Culture of Trust

    Now On Demand
    Partnered with:
    1. Snyk
    2. Google Cloud
    3. Accenture

    Securing your organization’s software security is a team sport, involving stakeholders from developers all the way to the C-suite. In this chapter, we will review the various stakeholders and their roles, what makes them tick, and how security can instill a culture of trust and ownership to get the job done.

    1. Vandana Verma Sehgal Vandana Verma Sehgal Security Relations Leader, Snyk
    2. Michele Chubirka Michele Chubirka Staff Cloud Security Advocate, Google Cloud
    3. Richard Bukowczyk Richard Bukowczyk Managing Director, Accenture
  1. Accenture
  2. Deloitte
  3. Google Cloud
  4. SentinelOne
  5. Snyk
  6. Sysdig