A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Security Culture in Development - Wolfgang Goerlich (Circle City Con 2015 Videose 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Security Culture in Development
Wolfgang Goerlich

Circle City Con 2015

The majority of security vulnerabilities come from flaws in software code. While the rate in which these flaws occur remains constant, we are now developing more code than ever before as well as deploying software to many more devices. We must address the software development process and it can only be done by creating a culture of security. This session presents the Security Culture Framework (SCF) and applies it to an entirely fictional development organization. We will discuss awareness training and tying the training to tangible improvements in code. By using the SCF Topics/Planner/Metrics approach, we will move the organization toward developing every more secure code. The presentation will conclude with take-aways for applying the SCF to your software development team.

Bio: J Wolfgang Goerlich supports information security initiatives for clients in the healthcare, education, financial services, and energy verticals. He is a cyber security strategist with CBI focusing on secure software development practices. Wolfgang regularly advises and presents on the topics of changing culture, managing risk, and securing systems through-out the development lifecycle.

Back to Circle City Con 2015 Videos list

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast