(Audio only after 4:00) PANEL: Aim-Ready-Fire
Over the past 5-6 years, software assurance has emerged as the key focus area for information security professionals. The C-suite has recognized software assurance to be more than a hygiene problem, as application security breaches have started to affect companies' bottom lines. International regulators are demanding systems that are more resilient. The number and complexity of cyber breaches keep increasing, and there is no relief in sight... let's learn what is working and what is not.
Research Director, Enterprise Security Practice, 451 Research
Wendy Nather is Research Director, Security, within 451 Research's Enterprise Security Program, providing analysis on the current state of security from the perspective of a veteran CISO. Wendy's primary areas of coverage are application security and security services. Wendy joined 451 Research after five years building and managing all aspects of the IT security program at the Texas Education Agency, which serves 4.6 million Texas students.
Cyber Security Principal, MITRE
Sean Barnum is a Principal and Cyber Threat Intelligence Community Lead at The MITRE Corporation where he acts as a thought leader and senior advisor on information security topics to a wide variety of players within the US government, commercial industry and the international community. He has over 25 years of experience in the software industry in the areas of architecture, development, software quality assurance, quality management, process architecture & improvement, knowledge management.
Security Architect, Bloomberg
Pravir Chandra is a veteran in the security space and a long-time OWASP contributor, including his role as the creator and leader of the Open Software Assurance Maturity Model (OpenSAMM) project. Currently, as security architect for the CTO of Bloomberg, he drives proactive security initiatives that demonstrate concrete value for the firm. Prior to this, Pravir was Director of Strategic Services at HP/Fortify, where he led software security assurance programs for Fortune 500 clients.
Head of Security, Risk & Control, Americas, RBS
Suprotik Ghose, Head of Security, IT Risk & Control, M&IB Americas; Head of Security Operations, Global M&IB. Suprotik Ghose has over 22 years of experience (18 years in financial services) in infosec policy, privacy, compliance and IT risk. Since June 2012, Mr. Ghose has been the Head of Security, Risk & Control at Royal Bank of Scotland (RBS) Americas. Previously he was VISA's Global Head of CyberSecurity and the Principal CyberSecurity Strategist within Microsoft's Worldwide.
Head of Application Security, UBS
Extensive experience in designing, implementing, and managing an enterprise Software Security Program from the ground up. Strong innovation skills have led to many value delivery systems in the enterprise. Strong believer in implementing security process and technology controls over the information lifecycle. Enjoy creating state-of-the-art practice for security with demonstrated leadership in establishing database and application security programs.
Leader of technology risk management functions for financial service companies. Currently focused on reducing the risk that insecure applications pose to critical business functions and processes. Specialties: Application Security, Information Security, Technology Risk Management, Business Continuity Planning, Strategic Risk Management, Certified Information Security Manager (CISM)
Chief Information Security Officer, Jefferies
Ramin Safai is the first Chief Information Security Officer at Jefferies. As CISO, Ramin is responsible for Jefferies' global cyber security and IT risk management programs. Prior to joining Jefferies, Ramin was Americas CISO at Barclays and had global responsibilities for the rollout of application security and identity management programs. For the past 15 years Ramin has worked as an Information Security officer at large banks including Credit Suisse, Lehman Brothers, and JP Morgan.
Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project