FROC2010 Abstract Dickson
The Presentation: "The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise"
The majority of information that exists about software security either focuses on technical means to build secure applications, or strategies to put controls in a software development process. There is a dearth of information regarding how managers should push secure initiatives forward, convincing executives that software security is critical to trusted business operations. This presentation focuses on how security officers or development leaders can apply a disciplined approach to building internal consensus to build secure software. A five-step process will be laid out that will enable a manager to characterize the landscape, secure management buy-in, baseline the existing risks, set modest goals and attempt to achieve them, and sustain the initiative. Emphasis will be on actionable steps that successful managers have used to drive the adoption of secure software strategies in large organizations.
The Speaker: John Dickson
John Dickson, CISSP, has over 15 years in the information security field including hands-on experience with intrusion detection systems, telephony security, and application security in the commercial and government sectors. In his current position as a Principal at Denim Group, he helps Chief Security Officers of Fortune 500 clients and Federal organizations launch successful software initiatives. John regularly speaks on the topic of application security at venues such as the RSA Security Conference and the Computer Security Institute’s (CSI) conferences.