Difference between revisions of "Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence"

From OWASP
(Created page with '== The presentation == rightLeader of GE Corporate cross-business, company-wide Application Security Program, Darren Challey, will share how, wi…')
 
 
Line 1: Line 1:
 
== The presentation  ==
 
== The presentation  ==
  
[[Image:Owasp_logo_normal.jpg|right]]Leader of GE Corporate cross-business, company-wide Application Security Program, Darren Challey, will share how, with the help of Softtek, GE has established a holistic application security program that seeks to detect, correct and prevent security defects throughout the application lifecycle. The program's "Center of Excellence", focused on finding defects early and fixing the root cause, has assessed several thousand applications across different GE business units, observing significant improvements in application security over the past years.
+
[[Image:Owasp_logo_normal.jpg|right]]GE has established a holistic Application Security Program that seeks to detect, correct and prevent security defects throughout the application lifecycle. The program is focused on finding defects early in the development process and fixing the root cause through company-wide deployment of Guidance, Education, Tools and Metrics. The program's "Center or Excellence" has assessed several thousand applications across different GE business units and has observed, through metrics, a significant improvement in the security of the applications being deployed over the past several years.  This presentation analyzes some of the critical success factors for this program and shares key performance indicators that demonstrate how these programs are making a difference in the overall security of source code.  
  
 
== The speaker  ==
 
== The speaker  ==
Darren Challey currently holds the position of GE Application Security Leader. He leads and maintains a cross-business, company-wide "AppSec Working Group" and is in charge of establishing policies, procedures and best practices, providing guidance, services and tools. Prior to his current role, Darren has occupied several positions at different GE businesses, including: IT Controller at GE Corporate; IT Sarbanes-Oxley Leader, Six Sigma Black Belt and Web Master & Program Manager at GE Commercial Finance; and Electrical, Mechanical & Nuclear Engineer at GE Energy. After earning his BS degree in Mechanical Engineering from Union College, Darren received a Masters in Engineering, Computer Systems at Rensselaer Polytechnic Institute. Mr. Challey is a Certified Information Systems Auditor (CISA) as well as a Certified Information Systems Security Professional (CISSP).
+
Darren Challey is the GE Application Security Leader and is responsible for establishing: policies, procedures, metrics, best practices, guidance, education, services and tools for ensuring that software developed for or by GE is secure. He also chairs a cross-business "Application Security Working Group" that discusses and makes decisions upon the overall vision and direction of the program. Prior to his current role, Darren has occupied many roles at different GE businesses, including: IT Controller at GE Corporate; IT Sarbanes-Oxley Leader, Six Sigma Black Belt and Web Master & Program Manager at GE Commercial Finance; and Electrical, Mechanical & Nuclear Engineer at several GE Energy businesses. After earning his BS degree in Mechanical Engineering from Union College, Darren received a Masters of Engineering, Computer Systems at Rensselaer Polytechnic Institute. Mr. Challey is a Certified Information Systems Auditor (CISA) as well as a Certified Information Systems Security Professional (CISSP).  
  
 
[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]
 
[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]
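
Review bot: The added presentation paragraph misspells the program's name as "Center or Excellence"; the page title and the paragraph it replaces both read "Center of Excellence", so "or" should be "of". In the added speaker paragraph, the colon after "responsible for establishing" interrupts the sentence before a plain list and can be dropped.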

Latest revision as of 17:10, 24 September 2009

The presentation

GE has established a holistic Application Security Program that seeks to detect, correct and prevent security defects throughout the application lifecycle. The program is focused on finding defects early in the development process and fixing the root cause through company-wide deployment of Guidance, Education, Tools and Metrics. The program's "Center of Excellence" has assessed several thousand applications across different GE business units and has observed, through metrics, a significant improvement in the security of the applications being deployed over the past several years. This presentation analyzes some of the critical success factors for this program and shares key performance indicators that demonstrate how these programs are making a difference in the overall security of source code.

The speaker

Darren Challey is the GE Application Security Leader and is responsible for establishing policies, procedures, metrics, best practices, guidance, education, services and tools for ensuring that software developed for or by GE is secure. He also chairs a cross-business "Application Security Working Group" that discusses and makes decisions on the overall vision and direction of the program. Prior to his current role, Darren held many roles at different GE businesses, including: IT Controller at GE Corporate; IT Sarbanes-Oxley Leader, Six Sigma Black Belt and Web Master & Program Manager at GE Commercial Finance; and Electrical, Mechanical & Nuclear Engineer at several GE Energy businesses. After earning his BS degree in Mechanical Engineering from Union College, Darren received a Masters of Engineering, Computer Systems at Rensselaer Polytechnic Institute. Mr. Challey is a Certified Information Systems Auditor (CISA) as well as a Certified Information Systems Security Professional (CISSP).