Secure SDLC: The Good, The Bad, and The Ugly

The presentation
This isn't your father's Secure SDLC talk folks! Join Joey Peloquin, Director of Application Security at FishNet Security, for a real-world peek into the secure application development lifecycle. He'll share real-life anecdotes of good, bad, and ugly development programs, how the PCI DSS affects application security from a QSA's perspective, and what makes real application security programs across the nation tick. Finally, he'll wrap up with a detailed post-mortem of his own first attempt at a program, how it was flawed, and how his team put the pieces back together.

The speakers
Joey Peloquin is the Director of Application Security at FishNet Security, where he's responsible for project oversight and quality assurance, business development, and managing the team's offerings and methodologies. He's spent the last nine of fifteen years in I.T. specializing in Information Security, with the last five specifically in Application Security. Prior to joining FishNet Security, he created the service offerings and methodologies for Hewlett-Packard's Application Security Center Professional Services Team. At HP, he also served as the principal delivery consultant and managed all partner-delivered projects. Joey also spent nearly a decade with the JCPenney Corporation, where he transformed himself from a network and systems security specialist into the corporate application security advisor. His final accomplishments were the creation of JCPenney's application security program framework, and a significant increase in application security awareness through aggressive penetration testing policies and remediation assistance. Joey speaks publicly on a regular basis, presenting recently at HP Software Universe, OWASP Front Range Conference, CSO Breakfast Club and Secure360, and has appeared in articles by Internet Retailer, Techtarget, SC Magazine, SD Times, and Information Week.