Raiders of the Lost AppSec
Remember the Indiana Jones movies? For those in infosec and security trying to navigate these days seems a lot like those movies. For instance, right from the very start of the series, we are shown how defense-in-depth is not enough - or have you forgotten that Indy escaped with the idol? Or how about how many of us, trying to keep up with threats, can relate to Indy, when going after a truck, said “I don’t know, I’m making this up as I go!”? And can't we ALL relate to trying to find the Security Holy Grail to help manage and mitigate risk – and felt the pain and scars from someone who “chose poorly”? But how does application security relate? In this session we will talk about why defense-in-depth is not enough, making better data-driven decisions instead of guessing, metrics and measures that matter, building resiliency and "choosing wisely". We invite you to join us on this quest to drive trust and confidence for those customers that are looking at how you handle their data and the methods you use to protect it, because they expect you to handle it responsibly.