In this post Target/Home Depot breach era, Application Security programs still seem to struggle at organizations of all sizes. The reasons for this 'mediocre' success range from mis-alignment between information security and application development groups to simply the lack of resources available for identification and remediation of legacy application security vulnerabilities.
Organizations continue to suffer repeat attacks as well as successful system compromises in light of pervasive poor application security issues. Join Information Security practitioners from Time Warner and Visa to discuss the evolution of enterprise application security at their own organizations.
The audience will learn:
The latest state of the art in application security: Runtime Application Self-Protection;
The importance of a balanced approach to enterprise security, requiring appropriate investment in application security;
How enterprises can build business cases for investment in application security.
Enterprise information security encompasses a broad set of disciplines and technologies, but at the highest level they can be broken down into three main categories: network security, endpoint security and application security. Network security and endpoint security have advanced greatly in the last few years and enterprises have invested appropriately. Hackers, meanwhile, have switched their focus to applications since they remain a softer target to attack. This is why Gartner estimates that more than 70% of all hacks happened at the application layer in 2013 - becoming the main attack surface for hackers.
Allocation of security budgets has not yet matched this transition and enterprises are now recognizing the need to make an appropriate investment in application security. However, building a modern application security program is not trivial and there are many challenges including alignment between security and application development teams, finding resources with appropriate security expertise, the costs associated with remediation of legacy applications and staying ahead of zero day attacks.
This webinar will draw on the experience and expertise of senior security leaders at Time Warner and Visa to discuss the evolution of enterprise application security and in particular:
Product Security and Assurance, Global Payments Technology Company
Fares has global responsibility for the Secure Software Development life Cycle (SSDLC) program at a premier global payments technology company, protecting $6 trillion of global payment card transactions annually and over 1000's of applications that support a large network of clients on both Business-to-Business (B2B) and Business-to-Clients (B2C) interface. Fares has over 12 years of IT and IT security experience, leading highly skilled application security team, research and development, and vulnerability assessment skills, security application architecture and evangelist of the defense in depth methodology. Defining and articulating corporate application security program strategies and posture to corporate top executives, and enforcing corporate vulnerability management and application development methodologies.
Julien is the co-founder and CEO of Prevoty, which provides a next-generation application security platform. Most recently, Julien founded Personagraph, an Intertrust company focused on mobile user privacy. Before joining Intertrust as Director of Corporate Development, he built and led Thomson/Technicolor's digital advertising business unit in Latin America. Julien started his career as a Corporate Auditor at Thomson/Technicolor after launching his first startup in college, the first French social network exclusively for students. Julien received a B.S. from I.S.G and an MBA from the Tuck School of Business, Dartmouth College.
CISO, Home Depot
Jamil Farshchi is the chief information security officer at The Home Depot since March 2015. Named one of the top 10 most influential chief information security officers by Sys-Con Justice Systems, he has successfully protected some of the world's most sensitive information assets including nuclear weapons, financial systems and networks and complex technologies such as the space shuttle, Hubble Telescope, and Mars Rover. Farshchi's information security background is diverse, from leading a team at the Los Alamos National Laboratory (LANL) to building risk-based security programs for media conglomerate Time Warner, as well as having held senior executive positions at NASA and VISA. As the inaugural chief information security office at The Home Depot, Farshchi is charged with the unique challenge of securing and enabling some of the most engaging, valuable and widely consumed content and has overall responsibility for Home Depot's information security, data protection and vulnerability management.