Finding the Unicorn; the leader to spearhead your AppSec program

No ratings

Presented at AppSecCali 2017 by

Finally we are at a stage where Application Security is considered more or less an important part of an organization’s security strategy. Where this mindset-shift at organization level has increased the demand of application security professionals, the online resources such as OWASP are playing an important role in helping developers and security enthusiasts in becoming good application security engineers in order to meet that demand. Despite this increased rate of professionals adopting application security as career, organizations are finding it hard to attract application security talent. Ever wondered why? In speakers experience gained through interviewing and hiring several such professionals, the biggest reason organizations fail to attract application security talent is "lack of good application security leadership" in the organization. In any application security initiative, there is one specific position if filled rightly will help you in meeting organizations application security goals. This is the role of Application Security Manager. He/she gives shape to the application security program; strategize on whom and when to hire; attracts and grooms the talent; and guides the application security boat through the stormy seas of ever-changing software development processes. But, hiring the right application security manager is much bigger challenge than hiring an application security engineer. Not only because there are not many individuals with the enough experience but also due to the fact that this role is least understood and the hiring managers usually are unaware of what exactly to look for in the candidates, being their first time hiring one. If you are looking to hire an application security manager or you want to become an effective application security manager, this is the talk to attend. Speaker will take the audience through the skillet, experience and mindset required to become a good application security manager. In addition, he will cover "building blocks of an effective and scalable application security program” as a framework to interview a potential candidate as well as to become an effective application security manager or Shall we say "Application Security Leader". As a bonus, the author will also give the audience an insight into his metrics model to measure performance and effectiveness of an application security program that you can use to build KPI for the newly hired application security leader.