OWASP 2022 Global AppSec San Francisco has ended
Global AppSec San Francisco returns November 14-18.

Designed for private and public sector infosec professionals, the two-day OWASP conferences equip developers, defenders, and advocates to build a more secure web. We are offering educational 1-day, 2-day, and 3-day training courses on November 14-16.

Join us for leading application security technologies, speakers, prospects, and the community, in a unique event that will build on everything you already know to expect from an OWASP Global Conference.
Back To Schedule
Friday, November 18 • 11:30am - 12:30pm
Stakeholders and Allies: Amplifying Your Application Security Program

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Building an application security program is hard. Application Security teams struggle to grow, be effective, or get budget. Why? They’re missing the collaboration. You face resistance from developers, they don’t want to change their practices. You face resistance from testers, this isn’t in their test plans. You face resistance from leadership, SAST costs how much?! Overcoming this adversity depends on growing your communication and collaboration skills. It’s key to learn how to identify stakeholders for AppSec output. Who needs to know about your metrics? Why do they need to know that? Is it Marketing, to help sell your software, your posture, your commitment? Is it Compliance, to know about all the hard work that gets done building secure defaults? Is it Operations, so they know how to report new vulnerabilities? These are only a few examples of where in your company you might find new allies.

At every level in an organization there are people who need to know about Application Security who aren’t currently even aware of the concept. And they need your help to get there. Attendees will learn about sharing their hard work with the right people across their organization. They will learn about how to find the right people for their message, and about building the right message for the audience. They will learn how to solicit feedback and build actionable plans and goals to address it.

It is on the shoulders of Application Security Teams to reach out and build a community around their goals. This takes a lot of meetings, a lot of compromise, and quite often a lot of doing “non-security” work. But it builds a stronger team that breaks down existing silos. It builds a more effective organization that can adapt to changes in customers, markets, and technologies. Building a community around application security amplifies effort, but more importantly, strengthens the output. After building your community you will learn about vulnerabilities sooner, address questions quicker, and support your customers better, all while delivering more secure software.

avatar for Warren Kopp

Warren Kopp

Application Security Consultant, Coalfire
Warren has been active in application security since before he knew it was a thing. Starting as a helpdesk/sysadmin/QA/release engineer, he moved to an enterprise software company and built an application security program from nothing. Since transitioning to consulting in 2019 he... Read More →

Friday November 18, 2022 11:30am - 12:30pm PST
Bayview B