AppSec USA 2017 has ended
Back To Schedule
Thursday, September 21 • 2:30pm - 3:15pm
Juggling the Elephants – Making AppSec a Continuous Program

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

As security professionals charged with protecting large enterprise application portfolios, we continually find ourselves managing a wide array of disparate security initiatives, each of which demands to be treated as a top priority. Few of these initiatives ever achieve full coverage across the application portfolio. So we’re left to prioritize on the fly and try to keep everything we’re juggling in the air. Inevitably some will get dropped.


What if we could develop an AppSec program that ties those disparate initiatives together into a repeatable and continuous program that not only addresses coverage of the entire portfolio but acts as an enabler of high-paced development paradigms such as DevOps and CI/CD? In this presentation we’ll discuss a model for deploying AppSec programs that addresses these goals. A strategy for tying together various security activities including threat modeling, code reviews, and penetration tests, with business and risk processes in a way that actually makes development more efficient. We’ll discuss how an organization can tailor their own program based on the model but addressing the unique challenges and business goals of the individual firm.


You’ll see how the Continuous AppSec Model leverages the key principles of the latest OWASP SAMM to break down and unify your security activities. You’ll learn how an Application Security Program can be designed to enable continuous improvement within the program itself. You’ll discover how this continuous improvement allows for implementation of a program based on this model in an easily digestible and incremental fashion. You’ll understand how a truly continuous program allows you to better prioritize your security initiatives by providing you a clearer picture of the risks across your environment. You’ll leave with a better strategy for enabling your application teams to not only support but actually advocate for the security practices already employed within your enterprise as well as those perhaps thought too advanced for your organization.

avatar for Tony Miller

Tony Miller

Practice Leader, Aspect Security
Tony Miller is a highly experienced application security leader. Tony heads the Program Services practice at Aspect Security where he assists security and business leaders in global fortune 500 companies with strengthening their strategic approach to application security. Prior... Read More →

Thursday September 21, 2017 2:30pm - 3:15pm EDT
Coronado H