Management wants a security program setup in the software development life cycle (SDLC). You have very little programing experience. What do you do? This talk will walk through my experience of setting up appsec programs with minimal programming experience. The first part of the journey will cover tools. How a dynamic and static analyzer fit into an appsec program. Working with developers to remediate findings. Options for tracking vulnerabilities. Training developers to use the tools. The second part of the journey will focus on strategy. Understanding the environment. Implementing assessments and processes. Training developers to improve their security mindset. Finally, the talk will touch on potential next steps. This talk is for those looking to make an impact in the SDLC.

Timothy De Block is a senior software security engineer based in Nashville, TN. In his current role he provides guidance to the development on all things security. He believes in building strong relationships and putting people in a position to succeed. As a presenter he believes in quality and providing practical actionable advice to his audience. He is a founding member of ColaSec and the local OWASP chapter in Columbia, SC. When he’s not playing The Division or Overwatch he’s producing the Exploring Information Security podcast. A weekly interview based podcast that touches on different infosec topics.

Back to Converge 2017 video list