Backwards and In Heels: You Must Know The Business To Secure The Business

Presented at Diana Initiative 2019, Aug. 10, 2019, 10 a.m. (60 minutes)

Security teams spend a lot of time focused on the results and impact of what happens when there's a security failure. In turn, we have a bad habit of 'Monday-Morning-Quarterback'ing all the things that should have happened to prevent the security failure in the first place. But have you ever attempted to fully implement ***all*** of the security advice that's out there in conjunction with business priorities? Well, I did. In this presentation, I will share what I learned about what it takes to get application security right from design to delivery, how to communicate about *REAL* risk (without the FUD) and why we should eliminate the word "**just**" from our solutioning.

Presenters:

  • Yolonda Smith - Lead Infosec Analyst at Target
    Yolonda Smith is a Lead Infosec Analyst with Target Corporation’s Business Information Security Office (BISO), aligned with the Digital portfolio. In this role, she provides expert security consultancy to developers, business leaders and key stakeholders to ensure that Target's web and mobile applications are designed, developed and deployed with minimal risk to Target or its guests. A security professional herself, she spent 8 years in the United States Air Force as a Cyberspace Operations Officer, with duties and responsibilities ranging from Mission Commander (Advanced Network Operations), where her team planned and executed the first DoD Cyber Threat Hunting Missions, to Flight Commander (Cyber Defense Capabilities Development), where her team developed and fielded the first and only malware neutralization tool for the Predator Drone Weapon System. Additionally, she successfully completed multiple deployments in support of Operations Iraqi Freedom and Enduring Freedom, where her teams delivered secure, reliable communications capabilities to forward-deployed units on demand. Yolonda holds a litany of degrees and certifications, including a Bachelor of Science in Computer Science (University of Notre Dame, 2005), a Master of Science in Information Technology with a concentration in Information Assurance (University of Maryland, 2010), as well as GSEC (2008), GCIH (2011), and CISSP (2008) certifications.
