Security teams spend a lot of time focused on the results and impact of what happens when applications FAIL at security. In turn, we have a bad habit of 'Monday-Morning-Quarterback'ing all the things that should have happened to prevent the security failure in the first place. But have you ever attempted to fully implement ALL of the security advice that's out there in conjunction with business priorities? Well, I did. In this presentation, I will share what I learned about what it takes to get application security right from design to delivery, how to communicate about REAL risk (without the FUD) and why we should eliminate the word 'just' from our remediation recommendations.
Yolonda Smith is a Lead Infosec Analyst with Target Corporation Business Information Security Office, aligned with the Digital portfolio. She provides security consultancy to developers and key stakeholders, ensuring Target's web and mobile applications are designed, developed and deployed with minimal risk to Target or its guests.

Prior to Target, Yolonda served in the United States Air Force as a Cyberspace Operations Officer with responsibilities ranging from Mission Commander, where she planned and executed the first DoD Hunting Missions, to Flight Commander, where her team developed and fielded the first and only malware neutralization capability for the Predator Drone Weapon System.