Application and API Security today is fundamentally broken. Traditional pentesting and threat modeling have no hope of keeping up with the accelerating pace of software development. We have ever-increasing inventories of vulnerabilities which means our risk is increasing not decreasing. Perhaps the worst part is that the current approach is dominated by a sense of gatekeeping/policing/auditing.

This “calling your baby ugly” vibe is a direct result of the fact that security is a silo’d function at most organizations. Neither side of this conflict finds this situation enjoyable or effective.

However, building on the success of Agile and DevOps cultural transformations, many folks are investigating a cultural transformation to the way App and API Security is achieved.

This session provides a wide variety of perspectives from panelists who are at different points on their own journey towards achieving this cultural transformation.

Speakers

• Misti Cole, Opportunities for Ohioans with Disabilities, Assistant Deputy Director/Chief Operating Officer of Information Technology

• Anthony Fisic, Battelle, CISO

• Greg Skinner, NiSource, VP, IT Utilities Systems

• Hope Yin, U.S. Bank, SVP, Head of Engineering Engagement

Moderator

• Larry Maccherone, Contrast Security, Dev(Sec)Ops Transformation Architect