How to Build an AppSec Training Program That Isn’t Boring

Presented at Global AppSec - DC 2019, Sept. 13, 2019, 11:30 a.m. (45 minutes).

Training plays a critical role in software security because developers often start with little security knowledge. This gap can be partly offset by automated tools and dedicated security professionals who discover vulnerabilities, but security personnel are hard to scale and tools cannot identify many weaknesses. Maybe you currently have some training in place, but it isn’t well received and is seen as a mandatory interruption rather than something that provides real value. Maybe the content doesn’t feel up to date or relevant to your team based on the technology frameworks they use. Other challenges include budget constraints, attendee participation, knowledge retention, training recurrence, tracking, and measuring general effectiveness.

This presentation will examine various approaches for providing application security training within your organization or team. We’ll look at how you can leverage free and low-cost content to get started with a limited budget, and examine the pros and cons of various forms of training: instructor-led, computer-based training, hands-on labs, gamification, etc. We will detail actionable steps you can take to bootstrap, monitor, and maintain a customized program that builds lasting appsec knowledge in your organization.

Presenters:

  • Brice Williams - SysLogic
    Brice Williams is the Practice Lead for Application Security Services at SysLogic Inc. and has over 20 years of experience in software development and security best practices. Brice serves as a trusted advisor to global organizations, providing modern cybersecurity guidance and support, including developer training, application pen-testing, secure product design, and secure development lifecycle programs. Brice has developed and conducted cybersecurity training classes for thousands of software developers around the world and is passionate about improving the state of cybersecurity at the earliest stages of software development. Brice is also a founding partner of Cyberspect, a startup in the application security space that provides tools to empower development teams to deliver more secure code.
