PANEL: Aim-Ready-Fire

Presented at AppSec USA 2013, Nov. 20, 2013, 10 a.m. (50 minutes)

Audio recording of panel: https://www.youtube.com/watch?v=ZWARRluApsA&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=22

Software assurance has emerged in the past 5-6 years as the key focus area for information security professionals. The C-suite has recognized software assurance to be more than a hygiene problem, as application security breaches have started to impact the bottom line of companies. International regulators are demanding systems that are more resilient. The number and complexity of cyber breaches keep increasing, and there is no relief in sight... let's learn what is working and what is not.

Presenters:

  • Sean Barnum - Cyber Security Principal - MITRE
    Sean Barnum is a Principal and Cyber Threat Intelligence Community Lead at The MITRE Corporation where he acts as a thought leader and senior advisor on information security topics to a wide variety of players within the US government, commercial industry and the international community. He has over 25 years of experience in the software industry in the areas of architecture, development, software quality assurance, quality management, process architecture & improvement, knowledge management and security. He is a frequent contributor, speaker and trainer for regional, national and international information security and software quality publications, conferences & events. He is very active in the Information Security community and acts as a community leader and technical architect for numerous knowledge standards-defining efforts including the Structured Threat Information eXpression (STIX), the Cyber Observable eXpression (CybOX), the Common Attack Pattern Enumeration and Classification (CAPEC), the Malware Attribute Enumeration and Characterization (MAEC), the Common Weakness Enumeration (CWE), the Software Assurance Findings Expression Schema (SAFES). He is coauthor of the book "Software Security Engineering: A Guide for Project Managers", published by Addison-Wesley. He is involved in the information security related standards efforts of ISO, OMG and IETF, among other international standards bodies. He also acted as the lead technical subject matter expert for design and implementation of the Air Force Application Software Assurance Center of Excellence (ASACoE).
  • Ramin Safai - Chief Information Security Officer - Jefferies
    Ramin Safai is the first Chief Information Security Officer at Jefferies. As CISO, Ramin is responsible for Jefferies' global cyber security and IT risk management programs. Prior to joining Jefferies, Ramin was Americas CISO at Barclays and had global responsibility for the rollout of application security and identity management programs. For the past 15 years Ramin has worked as an Information Security officer at large banks including Credit Suisse, Lehman Brothers, JP Morgan and Barclays. Ramin holds degrees in Electronics Engineering and Computer Science and an MBA from New York University.
  • Jason Rothhaupt - Broadridge
    Leader of technology risk management functions for financial service companies. Currently focused on reducing the risk that insecure applications pose to critical business functions and processes. Specialties: Application Security, Information Security, Technology Risk Management, Business Continuity Planning, Strategic Risk Management, Certified Information Security Manager (CISM).
  • Suprotik Ghose - Head of Security, Risk & Control, Americas - RBS
    Suprotik Ghose, Head of Security, IT Risk & Control, M&IB Americas; Head of Security Operations, Global M&IB. Suprotik Ghose has over 22 years of experience (18 years in financial services) in infosec policy, privacy, compliance and IT risk. Since June 2012, Mr. Ghose has been the Head of Security, Risk & Control at Royal Bank of Scotland (RBS) Americas. Previously he was VISA's Global Head of CyberSecurity and the Principal CyberSecurity Strategist within Microsoft's Worldwide Cybersecurity team, responsible for providing Cybersecurity and related services to global CIOs and CISOs. Earlier, from 2003-2010, Mr. Ghose was the Head of Information Security at the Financial Industry Regulatory Authority (FINRA). From 1999-2003, Mr. Ghose co-founded a software company focused on network and security change management, and held the positions of Senior Manager of Security Consulting with AT&T (working for S.W.I.F.T.) and Vice President/Security Architect within Citibank's Information Security group. Mr. Ghose is certified as CISA, CISM, CISSP, CRISC, CCSK and ITILv2, and holds an MBA from Illinois and an undergraduate degree in electrical engineering.
  • Pravir Chandra - Security Architect at Bloomberg - Bloomberg
    Pravir Chandra is a veteran in the security space and a long-time OWASP contributor, including his role as the creator and leader of the Open Software Assurance Maturity Model (OpenSAMM) project. Currently, as security architect for the CTO of Bloomberg, he drives proactive security initiatives that demonstrate concrete value for the firm. Prior to this, Pravir was Director of Strategic Services at HP/Fortify, where he led software security assurance programs for Fortune 500 clients in a variety of verticals. He is responsible for standing up the most comprehensive and measurably effective programs in existence today. As a thought leader in the security field for over 10 years, Pravir has written many articles, whitepapers, and books and is routinely invited to speak at businesses and conferences worldwide.
  • Ajoy Kumar - Head of Application Security - UBS
    Extensive experience in designing, implementing, and managing enterprise software security programs from the ground up. Strong innovation skills have led to many value delivery systems in the enterprise. Strong believer in implementing security process and technology controls over the information lifecycle. Enjoys creating state-of-the-art security practices, with demonstrated leadership in establishing database and application security programs.
