ISSA-LA May 2020 Virtual Chapter Meeting
May 20, 2020 @ 11:45 am - 1:30 pm PDT
AppSec in the Time of Remote Working: A Panel Discussion
Join us May 20, 2020, at 11:45am PST for a 90-minute virtual lunch conversation with our distinguished panel of AppSec experts who are at the forefront of what is going on today in software application security! The discussion will be relevant to all types of businesses, including those with and without a full in-house software development shop. We will gain insight into what types of testing are needed, and at what stages of the SDLC that testing should occur. We will also cover what development teams need to do to effectively build secure software. Our distinguished panel includes:
- Richard Greenberg, Moderator, ISSA-LA President
- Andrew van der Stock, Current co-lead of the OWASP Top 10 and OWASP Application Security Verification Standard
- Holly Grace Williams, Technical Director at Secarma Ltd
- Jack Mannino, Chief Executive Officer at nVisium
- Jim Manico, Founder, Secure Coding Instructor at Manicode Security
- John Steven, Chief Technology Officer at ZeroNorth
- Simon Bennetts, Security Automation Engineer at Mozilla, OWASP ZAP Project Lead
- Tony UcedaVélez, CEO & Founder, VerSprite, Author of Risk Centric Threat Modeling & PASTA Methodology
About Our Panelists
Andrew van der Stock
Andrew van der Stock is a long time security researcher and is the current co-lead of the OWASP Top 10 and OWASP Application Security Verification Standard, and is formerly an OWASP Global Board member. Andrew has trained or spoken at many conferences worldwide, including Black Hat USA, OWASP AppSec USA, AppSec EU, AppSec Cali, AusCERT, and linux.conf.au. He received AusCERT/SC Magazine’s Award for Individual Excellence in 2013 and SC Magazine’s Reboot Award for Outstanding Educator in 2019.
Holly Grace Williams
Holly Grace Williams has thirteen years of experience in leading information security teams. Her early career was spent in the military working in roles such as Site Security Officer, although she now works with a wide range of organisations delivering penetration testing, information security consultancy, and strategy guidance. She holds a Master’s degree (MSc) in Information Security from Cardiff University.
Jack Mannino
Jack Mannino is the CEO of nVisium. Passionate about security and impossible to keep away from a keyboard, his expertise spans over 15 years of building, breaking, and securing software. Jack founded nVisium in 2009, and since then has helped the world’s largest software teams enhance security across their software portfolios. He has spoken at conferences globally on topics such as secure design, mobile application security, and cloud-native security.
Jim Manico
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for BitDiscovery, Nucleus Security, Secure Circle and Signal Sciences. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of “Iron-Clad Java: Building Secure Web Applications” from Oracle Press. Jim also volunteers for the OWASP foundation as the project co-lead for the OWASP Application Security Verification Standard and the OWASP Proactive Controls. For more information, see http://www.linkedin.com/in/jmanico.
John Steven
John has directed and advised innovative product and services firms. Most recently, John led ZeroNorth as CTO. For two decades, John led technical direction at Cigital, where he rose to the position of co-CTO. He founded spin-off Codiscope as CTO in 2015. When both Cigital and Codiscope were acquired by Synopsys in 2016, John transitioned to the role of Senior Director of Security Technology and Applied Research. His expertise runs the gamut of software security, from managing security initiatives, to threat modeling and security architecture, to static analysis, as well as risk-based security orchestration and testing.
John is keenly interested in software-defined security governance at the cadence of modern development. As a trusted adviser to security executives, he uses his unparalleled experience to build, measure, and mature security programs. He co-authors the BSIMM study and serves as co-editor of the Building Security In department of IEEE Security & Privacy magazine. John is regularly invited to speak and keynote.
Simon Bennetts
Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and works for Mozilla as part of the Cloud Services Security Team. Prior to making the move into security he was a developer for 25 years and strongly believes that you cannot build secure web applications without knowing how to attack them.
Tony UcedaVélez
Tony UcedaVélez is the CEO of VerSprite, a global security consulting firm serving global organizations and technology startups. VerSprite helps clients navigate crucial areas of cybersecurity, such as application security testing, threat modeling, vCISO, digital forensics, vSOC, incident response, threat intelligence, geopolitical risk, and more.
Tony is also the author of Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis (PASTA), a book endorsed by the late Cybersecurity Coordinator for the White House, Howard Schmidt. The book’s risk-based threat modeling methodology has been used in universities and enterprises worldwide and has opened doors to how security professionals approach threat models.
Richard Greenberg
Richard Greenberg is a well-known Cyber Security Leader and Evangelist, CISO, Advisor, and speaker. His 30 years of Project Management, Security Management and Operations, Policy, and Compliance experience have helped shape his broad perspective on creating and implementing Information Security Programs.
Richard has been a CISO, Director of Surveillance and Information Systems, Chief of Security Operations, Director of IT, and Project Manager for various companies and agencies in the private and public sectors.
You may have heard Richard’s interview as a Cyber Security expert on Will Ferrell’s Ron Burgundy podcast: https://www.iheart.com/podcast/the-ron-burgundy-podcast-30270227/episode/cyber-security-47951911/.
Richard is an Information Systems Security Association (ISSA) Distinguished Fellow, and has received their Honor Roll designation. He has also been selected as a finalist for both the (ISC)2 Americas Information Security Leadership Award in the Senior Information Security Professional category and the Los Angeles Business Journal CIO of the Year in Security.
Richard serves on the OWASP Global Board of Directors, leads the OWASP LA Chapter, and has been Co-Chair of the highly successful AppSec California conferences. Richard also is President of the Information Systems Security Association Los Angeles Chapter and is Chair of their widely recognized annual Security Summit and CISO Forum.