Derek Fisher

I have nearly 20 years of experience in both hardware and software engineering. I have spent the last 5 years in an Enterprise Security role as a developer, an architect and an application security manager where my team provides security services to our development organization. These services include vulnerability management and remediation, assistance with secure code analysis tools, threat modeling, risk evaluation of development features, and driving the secure software development life cycle across development. I have been the lead architect on some of the more exciting security projects in our organization, including projects related to HTTPS and certificate management. I lead a weekly meeting of security architects that meet to discuss and review security topics impacting our industry and applications. Becoming the application security manager in the Enterprise Security organization has given me the opportunity to work with our development organization to discover opportunities for improvement and engage in many different parts of the engineering space from design to delivery. Because of this visibility, I have spent the past year working on how our development organization can leverage the ASVS in our software development life cycle. This has required me to navigate the various nuances of our culture, process, and operating procedures in order to understand where and how the ASVS can be used to deliver more secure software.

Presentations: