Keynotes
Dustin Lehr
Before shifting into cybersecurity leadership, Dustin Lehr spent 13 years as a software engineer and application architect in a variety of industries, including retail, US DoD, and even video games. This background has helped him forge close partnerships with development teams, engineering leaders, and security professionals to design programs that maximize engagement. He is currently the Sr. Director of Platform Security / Deputy CISO at Fivetran and the Co-founder / Chief Product and Technology Officer at Katilyst, which assists companies with culture change through security champion programs. Dustin also co-founded the global virtual open discussion meetup "Let's Talk Software Security!" (https://www.meetup.com/lets-talk-software-security) and authored the free Security Champion Program Success Guide (https://securitychampionsuccessguide.org).
Abstract: No, it's not enough to simply satisfy minimal "check the box" compliance requirements, react to incidents, or fix security vulnerabilities after they're in production. Focusing only on the "right side" of the software development process is a recipe for eventual disaster, and is ultimately costly to pursue. You need to focus on shifting habits and behaviors to proactively address issues long before they reach production. You need to build a culture that is full of security best practices: training, threat modeling, architecture reviews, and so on. But HOW exactly? I'll discuss techniques for shifting your culture and motivating your employees to make the right choices by incentivizing and rewarding their behaviors. We'll focus on the "people" side, and use proven techniques from the fields of behavioral science and psychology to bring your awareness and appsec game to the next level. Security takes more than just tech, and this is the piece you've been missing to make a lasting difference in your company's security posture.
You'll take away:
- An understanding of why proactive security practices are needed and why tech is not enough to make a lasting difference
- Techniques for motivating your employees and developers to take action
- Ideas for creative rewards and incentives that make a difference
- What metrics to collect and report to leadership for the support you need to shift your culture
Jim Manico
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for 10Security, Aiya, MergeBase, Nucleus Security, KSOC, and Inspectiv. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press. Jim also volunteers for the OWASP Foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series. For more information, see https://www.linkedin.com/in/jmanico.
Abstract: Coming Soon!