Global organizations have been working off of a broken or non-existent threat model. Distracted with compliance, plagued with undefined attack surfaces, a deluge of inoperable threat intel, risk distortions, and made complacent by a sea of controls, *Sec practitioners should feel compelled to reboot their approach. This talk will exemplify how key OWASP projects can truly bootstrap the smallest of *Sec groups to make a measurable impact to applying security through measurable technology in lieu of security smokescreens that plague our industry. Come hear an OWASP commission for change and hear how an OWASP security mesh can exemplify a model that can be imitated by audience members to apply to their own respective security programs and overall companies.
