How does an individual change the application security culture of an organization? By designing and deploying an application security awareness program that contains engaging content, humor, and recognition. Application security awareness is part security knowledge, part lessons learned from history, and action to improve security into the future. Each company has an application security culture, but most of them need a boost. Come and experience a successful blue print for how you can build an application security awareness program of your own. The content is based on five years of real life experience implementing application security awareness in a large enterprise reaching 30,000 people. Go beyond traditional security awareness, and dive deep into changing the DNA of those who code, test, and deploy applications within their organization. The session uses the illustration of building a house, with six points used to show the ideal way to construct a successful application security awareness program. We move from answering what is application security awareness, to providing the details for how anyone can build a program of their own. This advice is from real life experience; this is how we did it, and how anyone in the audience can use this blue print to deploy their own program. The six blueprints are: Mission: how to define and build a team to support Program architecture: design a program that covers all roles and recognizes achievements, on a budget Curriculum: what to teach, and how to decide what to include Humor: how to use humor to engage the audience Content Creation: how to build application security learning that people want to enjoy Tools: things you can add to enhance the program's organizational visibility

Chris Romeo is CEO, Principal Consultant, and co‐founder of Security Journey. His passion is to bring application security awareness to all organizations, large and small. He was the Chief Security Advocate at Cisco Systems for five years, where he guided Cisco’s Security Advocates, empowering engineers to "build security in" to all products at Cisco. He led the creation of Cisco’s internal, end‐to‐end application security awareness program launched in 2012. Chris has twenty years of experience in security, holding positions across the gamut, including application security, penetration testing, and incident response. Chris is a sought after conference speaker, with experience speaking at the RSA Conference, ISC2 Security Congress, AppSec USA, and many others. Chris holds the CISSP and CSSLP certifications and is fond of saying “We are all security people."

How does an individual change the application security culture of an organization? By designing and deploying an application security awareness program that contains engaging content, humor, and recognition. Application security awareness is part security knowledge, part lessons learned from history, and action to improve security into the future. Each company has an application security culture, but most of them need a boost. Come and experience a successful blue print for how you can build an application security awareness program of your own. The content is based on five years of real life experience implementing application security awareness in a large enterprise reaching 30,000 people. Go beyond traditional security awareness, and dive deep into changing the DNA of those who code, test, and deploy applications within their organization. The session uses the illustration of building a house, with six points used to show the ideal way to construct a successful application security awareness program. We move from answering what is application security awareness, to providing the details for how anyone can build a program of their own. This advice is from real life experience; this is how we did it, and how anyone in the audience can use this blue print to deploy their own program. The six blueprints are: Mission: how to define and build a team to support Program architecture: design a program that covers all roles and recognizes achievements, on a budget Curriculum: what to teach, and how to decide what to include Humor: how to use humor to engage the audience Content Creation: how to build application security learning that people want to enjoy Tools: things you can add to enhance the program's organizational visibility

Back to Converge 2016 video list