I will be speaking next month in Monterey, CA at the TECHIntersetcion conference under the Security track on a couple of one topics: (updated 9/14/2015 - The Secure SLDC talk was dropped to consolidate space for the conference)
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven't quite figured out how to connect the threat models to real world software development and its priorities. In this session, you will learn practical strategies in using threat modeling in secure software design and how to apply risk management in dealing with the threats.
If you are still building applications with your fingers crossed, a 'we hope we've got it' attitude about security that depends on reactive testing alone, there is a better approach. Inserting security throughout the Software Development Lifecycle (SDLC) will not only release and maintain secure applications, but decrease development costs and timelines at the same time. A Secure SDLC (a.k.a. Application Security Program, Secure Development Lifecycle (SDL), etc.) comes in many forms, but there are some fundamental elements necessary for any Secure SDLC program to be successful. In this session, you will learn those common elements and how they can help eliminate the trial and error processes common when organizations attempt to build applications or follow an SDLC without building in security.
This conference includes lots of great talks and speakers on Architecture, IoT, and Security. If interested, you can use my discount code HURLBUT for a $50 Discount! http://ow.ly/QJKqj . I hope to see you there!
