Vandana Verma Sehgal
In today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over their environments. Rather than invest their time in critical activities, teams are overwhelmed by gaps in visibility and tools to govern the process. As a result, many digital services remain improperly protected. To catch up, AppSec must adopt a model of agility that is compatible with software development.
The agile process continuously integrates small changes and collects meaningful feedback along the way, allowing an ever-progressing evolution of software. With small steps, you pay less for mistakes and learn a lot along the way. This approach, powered by continuous integration/continuous deployment (CI/CD), source code management (SCM), and an amazing array of collaboration tools, makes the software industry fast and powerful.
AppSec teams are charged with making sure software is safe. Yet, as the industry's productivity multiplied, AppSec experienced shortages in resources to cover basics like penetration testing and threat modeling. The AppSec community developed useful methodologies and tools — but outnumbered 100 to 1 by developers, AppSec simply cannot cover it all.
Software security (like all software engineering) is a highly complex process built upon layers of time-consuming, detail-oriented tasks. To move forward, AppSec must develop its own approach to organize, prioritize, measure, and scale its activity.
In this panel, we plan to address and discuss the current state of AppSec, and point out a few common failure points. Afterwards we plan to discuss what agile AppSec looks like, and how a reorganization, and a shift in management strategy could greatly transform the field, and allow business to truly address the risk of under-protected software.
Roy Erlich, CEO & Co-founder, Enso Security
Roy Erlich is the CEO and Co-founder of Enso Security. He is the former Head of Application Security at Wix.com, where he gained critical insight into the AppSec lifecycle. Roy commanded an elite cybersecurity team in the IDF 8200 unit.
IT Security Manager @ FINN.no
Emil is running an AppSec Program for 200 Software Engineers divided on 35+ teams. Previously he has experience from being a part of Engineering Teams developing products to doing Security Engineering work creating services for appsec at scale.
Application Security Manager @ DoubleVerify
Seth Kirschner is the Application Security Manager for DoubleVerify, a publicly traded AdTech company (NYSE:DV). Previously with Deloitte and MUFG Securities. Co-founded Mira Therapeutics, Inc in PTSD/Trauma. Stevens Institute of Technology Alumni.
Vandana Verma Sehgal
Global Board of Directors - OWASP
Vandana is a seasoned security professional with experience ranging from application security to infrastructure and now dealing with DevSecOps. She has been Keynote speaker / Speaker /Trainer at various public events ranging from Global OWASP AppSec events to BlackHat events to regional events like BSides events in India. She is part of the OWASP Global board of directors. She also works in various communities towards diversity initiatives InfosecGirls, WoSec and null.
She has been recipient of multiple prestigious awards like Global cybersecurity influencer among IFSEC Global's "Top Influencers in Security and Fire" Category for 2019, Cybersecurity Women of the year award by Women Cyberjutsu Society in the Category “Secure Coder”. She has also been listed as one of the top women leaders in this field of technology and cybersecurity in India by Instasafe.