AppSecEU08 Agile Security Breaking the Waterfall Mindset
Title: Agile Security - Breaking the Waterfall Mindset of the Security Industry
Although Agile is taking software development by storm, the security industry has been skeptical or downright critical. Dave will share Aspect’s experiences rearchitecting security activities so they work with an Agile approach. He'll show how to start with a high-level threat model, create stakeholder security stories, define functional tests for security controls, use automated tools, perform periodic security sprints, and perform Agile security reviews to build an assurance argument that’s potentially even stronger than a traditional one.
About the Speaker: Dave Wichers is a cofounder and Chief Operating Officer (COO) of Aspect Security, a company that specializes in application security services. Dave is also a member of the OWASP board, is the OWASP Conferences Chair, and is a coauthor of the OWASP Top Ten. OWASP is a worldwide free and open community focused on improving the security of application software. Mr. Wichers has over 20 years of experience in the information security field, and has focused exclusively on application security for the past 10 years. At Aspect, in addition to his COO duties, he is Aspect's application security courseware lead, one of their chief instructors, and provides a wide variety of application security consulting services to Aspect's clients. Prior to starting Aspect, he ran the Application Security Services Group at Exodus Communications. Mr. Wichers has a Bachelors and Masters degree in Computer Science, is a CISSP, and a CISM.