We will have a collaborative discussion to identify and define the core components of a well-functioning AppSec or Software Security program, and we'll highlight which activities have the highest impact. We'll ask attendees to share real experiences and observed patterns from AppSec programs that perform well (or poorly).
Discussion will focus on ideal patterns for:
- Identifying the value add of an AppSec program
- Choosing what to measure
- Understanding Code Delivery Pipelines
- Defect remediation workflows
- Understanding the Team(s)
- Making the AppSec program org-specific
- Building a 12 month roadmap
To do this, participants will be seated in small groups (4-8 people per table) and given an anonymized business scenario in which an organization has decided to build or further mature an AppSec program. Teams will have a set time to discuss the scenario and come up with a 12-month roadmap. Teams will then have the opportunity to stand and explain their scenario, and what they included in their 12-month roadmap, to the rest of the workshop.
As we work through each scenario, common patterns and innovative solutions will become visible.
We'll then close with a general synthesis segment where we recap the covered material and highlight the common ideal patterns and innovative solutions the groups demonstrated. The goal is not to lecture the attendees but to create an environment where it is easy to share and draw on the depth of experience found among the participants.
Participants will also go home with a worksheet that highlights the main takeaways and helps leaders build their own roadmap for defining, building, or maturing their Application Security program.