AppSec USA 2017 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

KeyNote [clear filter]
Thursday, September 21


KeyNote - Discussion on Application Security: John Steven and Jim Manico will be discussing application security from a unique perspective.
avatar for John Steven

John Steven

Senior Director, Synopsys
John Steven is a Senior Director at Synopsys. His expertise runs the gamut of software security—from threat modeling and architectural risk analysis to static analysis and security testing. He has led the design and development of business-critical production applications for large... Read More →

Thursday September 21, 2017 9:00am - 9:45am
Coronado L


KeyNote - Runa A. Sandvik: Building a Culture of Security at The New York Times
The traditional approach for security teams has involved the existence
of a siloed department, slow gatekeeping controls designed in a world of
Waterfall development, and processes that aren't nearly as agile as they
should be.

The New York Times has staked its future on being a destination for
readers; the way we gather and report news is changing, so is the way we
develop products. We, the security team, need to re-examine whether
we're living up to our responsibilities and potential.

This talk will share practical lessons learned at The New York Times on
how to build and foster a culture of security across the organization.
As part of this, the talk will also explore how we can adapt to better
confront the new challenges we face as security practitioners.


Runa A. Sanvik

Runa Sandvik is the Director of Information Security at The New YorkTimes. Her primary focus over the past year has been the newsroom andhelping reporters better understand the challenges they are facing. Runaloves to travel and has spoken at numerous conferences around the world.She... Read More →

Thursday September 21, 2017 5:00pm - 5:45pm
Coronado L
Friday, September 22


KeyNote - Tony UcedaVelez: Fixing Broken Enterprise Threat Models w/ OWASP Measures: Commissioning AppSec Professionals for Real Change

Global organizations have been working off of a broken or non-existent threat model. Distracted with compliance, plagued with undefined attack surfaces, a deluge of inoperable threat intel, risk distortions, and made complacent by a sea of controls, *Sec practitioners should feel compelled to reboot their approach.  This talk will exemplify how key OWASP projects can truly bootstrap the smallest of *Sec groups to make a measurable impact to applying security through measurable technology in lieu of security smokescreens that plague our industry.  Come hear an OWASP commission for change and hear how an OWASP security mesh can exemplify a model that can be imitated by audience members to apply to their own respective security programs and overall companies. 

avatar for Tony UcedaVelez

Tony UcedaVelez

CEO, VerSprite
Tony UcedaVélez is CEO at VerSprite, an Atlanta based security services firm assisting global multi-national corporations on various areas of cyber security, secure software development, threat modeling, application security, security governance, and security risk management. Tony... Read More →

Friday September 22, 2017 5:00pm - 5:45pm
Coronado L