SAINTCON 2023 - Michael Fischer - You are the reason your AppSec Program is failing

Discover how to transform your AppSec program from failure to success. Learn the secrets of CEO and senior executive involvement, clear roles and expectations, and the importance of people, process, and technology.

Key takeaways
  • The success of an AppSec program relies on the involvement and support of the CEO and senior executives.
  • Clear roles, expectations, and responsibilities are essential for an effective AppSec program.
  • Standard controls are insufficient to meet the demands of modern application security.
  • Regular and constant communication with engineering leadership is crucial for successful collaboration.
  • AppSec teams should focus on people, process, and technology in that order.
  • Generative AI can be helpful but should be used with caution and an understanding of its limitations.
  • SLAs should be realistic and agreed upon by all parties involved.
  • Training and education are essential for all stakeholders, including engineering teams and security champions.
  • An accurate and comprehensive inventory of applications and assets is vital for effective AppSec.
  • Automation of metrics and testing is necessary to keep up with the pace of modern software development.
  • Communication and coordination are key to successful AppSec programs, both within the security team and with other stakeholders.