AppSec programs have long relied on a traditional approach, using gates, reviews, and scanning tools to achieve security and compliance. But a new era is here that calls for securing modern cloud apps, SaaS, DevOps infrastructure, and the rapidly changing environments that surround them. Many organizations struggle to shed the traditional model, delaying the reframing of AppSec that is required to both ensure modern application security and integrity and keep up with the ever-increasing velocity the business demands.
What does it take to adopt a modern AppSec approach within today’s budget realities? It starts with gaining visibility and business context within rapidly changing development environments and ensuring limited resources are applied to the highest-risk issues. Seeing the whole picture allows for effective security prioritization and remediation, enables partnerships with security champions, drives accountability, and allows teams to do more with the same budget.
Join us to hear from Jason Chan, ex-CISO of Netflix, and Legit Security CTO Liav Caspi, to learn:
- How to obtain real-time visibility and security posture awareness over rapidly changing applications and development environments.
- How to gain valuable security context to cut through the noise and prioritize efficiently.
- Methods to identify security tool redundancies and leverage existing scanners to save cost and maximize value.
- How developer engagement techniques such as security champion programs, paved roads, and security metrics can improve security and AppSec productivity.
Betty currently serves on the ISSA International Board of Directors and is a past President of the MN-ISSA chapter. Betty has over twenty years’ experience in Information Technology and Information Security in positions of progressive responsibility and technical expertise. She has worked on information security planning, developing and delivering security programs. She is respected as a decision-maker and creative problem solver with demonstrated ability to achieve desired results while maintaining effective team cooperation. She has worked with several security regulations and standards including HIPAA, ISO17799, COBIT, Payment Card Industry Standard, NIST Standards and IRS Publication 1075. Betty is CISSP and CISA certified.
Jason Chan – Ex-CISO of Netflix
Jason Chan has spent over twenty years in cybersecurity and is especially passionate about large-scale systems, cloud security, and improving security in modern software development practices.
Most recently, Jason built and led the information security team at Netflix for over a decade before retiring in July 2021. His team at Netflix was known for its contributions to the security community, including over 30 open-source security releases and dozens of conference presentations. He also previously led the security team at VMware and spent most of his earlier career in security consulting. Since retiring from Netflix, Jason has been advising a variety of startups and is also an Executive in Residence at Bessemer Venture Partners.
Jason enjoys coaching, mentoring, and helping folks from underrepresented groups enter and advance in the cybersecurity industry. Outside of work, he enjoys reading, running ultramarathons, and volunteering in habitat restoration, trail maintenance, and wildfire management. He received a BS from the College of Charleston and his MS from Boston University.
Liav Caspi – CTO and Co-Founder, Legit Security
Liav Caspi is CTO of Legit Security and has a long background as a cyber-security expert starting in the Israeli unit of 8200 in various engineering, team lead, and project management roles. In previous roles, Liav worked at Argus Cyber Security building security into automotive-oriented software. He then joined an early-stage startup that was acquired by Checkmarx and led the architecture and the product management of the SCA solution – the first SaaS solution by Checkmarx dealing with open source security. In his free time, Liav enjoys technology, traveling, food, and learning new languages.
ISSA Webinars and Conference series cover all the continuing education credits to maintain your cyber security certifications (CPEs, CEUs, ECE, etc.). Each hour is equal to one continuing education credit. Certificates of completion are available upon request after completion.