Authors: Warren Kopp
2022-11-18

Building an application security program is hard. Application Security teams struggle to grow, be effective, or get budget. Why? They’re missing the collaboration. You face resistance from developers, they don’t want to change their practices. You face resistance from testers, this isn’t in their test plans. You face resistance from leadership, SAST costs how much?! Overcoming this adversity depends on growing your communication and collaboration skills. It’s key to learn how to identify stakeholders for AppSec output. Who needs to know about your metrics? Why do they need to know that? Is it Marketing, to help sell your software, your posture, your commitment? Is it Compliance, to know about all the hard work that gets done building secure defaults? Is it Operations, so they know how to report new vulnerabilities? These are only a few examples of where in your company you might find new allies.

At every level in an organization there are people who need to know about Application Security who aren’t currently even aware of the concept. And they need your help to get there. Attendees will learn about sharing their hard work with the right people across their organization. They will learn about how to find the right people for their message, and about building the right message for the audience. They will learn how to solicit feedback and build actionable plans and goals to address it.

It is on the shoulders of Application Security Teams to reach out and build a community around their goals. This takes a lot of meetings, a lot of compromise, and quite often a lot of doing “non-security” work. But it builds a stronger team that breaks down existing silos. It builds a more effective organization that can adapt to changes in customers, markets, and technologies. Building a community around application security amplifies effort, but more importantly, strengthens the output.
After building your community you will learn about vulnerabilities sooner, address questions quicker, and support your customers better, all while delivering more secure software.
Authors: Sam Stepanyan, Tom Brennan
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of OWASP chapters in advancing tactical knowledge and understanding software security. It emphasizes the value of membership and consistent meetings in recruiting attendees and building a community.
  • OWASP chapters are important in advancing tactical knowledge and understanding software security
  • Multiple people in the chapter should share a common bond and understanding
  • Understanding historical changes and policies can help utilize operational processes
  • OWASP has around 300 projects on its list, constantly growing every day
  • Existing projects can be used as content for meetings and collaboration
  • Recruiting attendees is not difficult if the focus is on software security
  • Membership is important in shaping the direction of the organization and building a global community
  • Consistent meetings and virtual components are useful in building a community