DevSecOps, Compliance GRC, and the Future of Application Security – Francesco Cipollone – ASW #177
DevSecOps has traditionally been very people-centric. Software security is hard to measure, and the landscape is becoming increasingly complex with containers, cloud, and infrastructure. Driving an appsec program at scale is often an art that only a few can master, and the majority of organizations remain uncovered from an appsec perspective. Measuring DevSecOps and evolving risk-based vulnerability management is a must. Bringing along risk people and GRC has traditionally been challenging.
Segment Resources:
- AppSec Cali 19 Talk: https://www.youtube.com/watch?v=cegMUjo25Zc
- ADDO19: https://www.youtube.com/watch?v=x1p3exzkTIY
- Open Security Summit 20: https://www.youtube.com/watch?v=8myMG36gq4o, https://www.youtube.com/watch?v=mh_P1C1a-CM
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Throughout 2022, CRA's Business Intelligence Unit will be releasing research reports on the top topics across the security industry. Our first report will be on Third-Party Risk and the Supply Chain. To participate in the survey, please visit https://securityweekly.com/thirdpartyrisk. The results will be shared at our Third-Party Risk eSummit in January.
Guest
Francesco Cipollone is a multi start-upper and cybersecurity professional. Francesco was formerly the AppSec and Cloud Security lead for HSBC and the Cloud Security lead for AWS Professional Services, and previously consulted with the United Nations. He is also Chair of the Cloud Security Alliance, a published author, podcaster, and public speaker.