About This Series
Application security professionals are struggling. The transition to agile, DevOps, cloud, and the growing use of AI is empowering distributed development teams to build software with greater speed and autonomy. In contrast to the remarkable strides in development methodologies, AppSec teams are still playing catch-up, both outnumbered and out-resourced. Given all these challenges, is it truly possible to “master” AppSec?
To that end, welcome to the ASPM (Application Security Posture Management) masterclass, where we provide Application Security leaders and practitioners with the knowledge and tools to manage a risk-based AppSec program using the principles of ASPM as our guide. Participants will learn how to build AppSec programs that focus on risk, put KPIs in place to measure success, and work more seamlessly with both engineering and C-suite executives. Participants will walk away with the tools and know-how to build, manage and scale an AppSec program that works for their organization.
Virtual Event Sessions
Chapter 1: Intro to ASPM | Building better AppSec programs with ASPM
Now on demand
In this introductory chapter, we review the foundations of AppSec program building and key concepts. We also introduce ASPM (Application Security Posture Management), its core principles, and how AppSec practitioners and leaders can apply them in order to build, manage and scale a risk-based AppSec program.
- Sonya Moisset, Senior Security Advocate, DevRel, Snyk
Chapter 2: An AppSec Inspection: Visibility & Coverage
Now on demand
As the saying goes, you can’t secure what you don’t know. Foundational to any AppSec program is full visibility into the “assets” that make up our software, and the ability to identify gaps in security coverage of those assets. This chapter defines an “asset” and helps participants carry out a gap analysis of their own, in order to ensure that critical software is covered and resources are optimally utilized.
- Chen Gour-Arie, Director of Engineering, Snyk
Chapter 3: Creating a Risk Based Blueprint
Now on demand
AppSec professionals are swimming in a sea of vulnerabilities, unable to keep up with the pace of development. This chapter introduces the concept of risk-based AppSec management, enabling security teams to move from “chasing vulnerabilities” to “managing risk”.
- Micah Silverman, Director of Developer Relations, Snyk
- Rick Bosworth, Cloud Security Leader, SentinelOne
Chapter 4: Control the Next Zero-Day
This chapter focuses on incident response, and on what AppSec teams should be prepared to do when a zero-day hits. We will learn how to identify which application assets need an “all hands on deck” response, and why, given the nature of zero-day incidents, AppSec deserves its own incident response plan.
- Omer Yaron, Senior Research Engineer, Snyk
- Alex Lawerence, Field CISO, Sysdig
Chapter 5: What Does a Successful AppSec Program Even Look Like?
Now on demand
Can I demonstrate business impact? How do we know if we are “getting better”? Am I eliminating friction with engineering? This chapter covers common challenges for security leaders involved in developing applications, securing applications and eliminating potential business risk, in order to answer the question: is this working?
- Clinton Herget, Field CTO, Snyk
- Roman Lavrick, Sr. Manager, Information Security, Deloitte
Chapter 6: Empowering Your Team Members: Creating a Culture of Trust
Now on demand
Securing your organization’s software is a team sport, involving stakeholders from developers all the way to the C-suite. In this chapter, we review the various stakeholders and their roles, what makes them tick, and how security can instill a culture of trust and ownership to get the job done.
- Vandana Verma Sehgal, Security Relations Leader, Snyk
- Michele Chubirka, Staff Cloud Security Advocate, Google Cloud
- Richard Bukowczyk, Managing Director, Accenture