Enterprise Application Security Practices

Share this Post

Upcoming Events

February NetStorming
2 days 8 hours from now
Austin .Net User Group (ADNUG)
2 days 10 hours from now
February NetStorming Event 6-8pm
2 days 11 hours from now
CONNECT FORWARD Job Club
3 days 2 hours from now
Agile Austin Kanban SIG
3 days 5 hours from now
Central Texas Microsoft Busniess Intelligence User Group
4 days 4 hours from now
Agile Austin QA SIG
4 days 5 hours from now
North Austin Door64 Happy Hour
4 days 10 hours from now

Professional / User Group / Club

Start: Mar 30 2010 11:30 pm

Topic: Enterprise Application Security Practices: Real-world Tips and Techniques

How can you re-energize your company’s or institution’s commitment to secure development practices as part of the SDLC, while keeping costs in check? Dell's Security Consulting team created an application security practice with the help of several internal teams in legal, enterprise architecture, vendor management, privacy, compliance, and network engineering.

Team members Addison Lawrence, Chad Barker, and Mike Craigue will discuss some of the challenges and opportunities they have faced over the last three years, ramping from 27 project engagements in 2007, to 726 project engagements in 2009. In this session, we will discuss the creation of policies/standards, deploying a Security Development Lifecycle as an overlay to the SDLC, overcoming concerns of developers and business partners, and addressing global standardization issues.

Also included: awareness/education/training, application security user groups, security consulting staff development, risk assessments, security reviews, threat modeling, source code scans, deployment scans, penetration testing, exception management, and executive escalations. Tell us what we might do to improve our program and increase our effectiveness; discuss how you could adapt parts of this approach to your own program.

Who: Addison Lawrence, Chad Barker, and Mike Craigue (Dell, Inc.)

Addison Lawrence has 10 years of experience at Dell with leadership responsibilities in database and data warehouse security, PCI, SOX, and Dell Services security. He is a part of the Cloud Security Alliance team developing their Controls Matrix. Previously he worked for 13 years at Mobil Oil (now ExxonMobil) as a software developer and DBA. He holds an MBA from Texas A&M University and a BS in Computer Science from Texas A&M-Corpus Christi, and is a certified CISSP.

Chad has worked at Dell for 10 years primarily in software development. Chad has led global development standardization initiatives including release management automation and static source code analysis. He holds a BS in Information Systems from the University of Texas at Arlington.

Before joining Dell’s information security team 5 years ago, Mike worked as a database and web application developer at Dell and elsewhere in central Texas. He’s responsible for Dell’s application security strategy globally, and focuses primarily on Dell’s ecommerce site. He holds a PhD in Higher Education Administration / Finance from the University of Texas-Austin, and has the CISSP and CSSLP certifications.

Where: National Instruments, 11500 N Mopac, Building C which is the tallest building on campus (8 levels). There will be signs posted in the lobby to direct you where to go and the receptionists will be able to assist you as well. See directions to National Instruments.

Cost: Always Free

Questions or help with Directions... call: Josh Sokol (512) 619-6716.

RSVP on the Austin OWASP Ning Site
http://austinowasp.ning.com/

Login or register to post comments
Calendar