DevSecOps, Compliance GRC, and the Future of Application Security – Francesco Cipollone – ASW #177

Security Weekly Productions API security, Cloud Security Tech, Container Security, DAST, dockerized, exploits, Francesco Cipollone, Incident Response and Forensics, Integrating Security into DevOps, intrusion detections, John Kinsella, log analysis, Microsegmentation, Mike Shema, Mobile Application Assessment, Next Wave of Digital Transformation, OpenShift In Action, ransomware, Raspberry PI Model B, SAST, Secure Coding Practices, Siemens, SOAR Software, sql injection, sw composition analysis, Sysmon DNS logging, The 3 Ways of DevSecOps, the current state of privacy and software development, The Human Element of Application Security, Threat Hunting & AI Hunter, threat intelligence, ThreatStack, vulnerabilities, WAFs, XSS Vulnerability, Zscalers December 13, 2021

DevSecOps has been traditionally very people centric. It is hard to measure software security and the landscape is becoming increasingly more complex with container, cloud, and infrastructure. Driving an appsec program at scale is often an art that only few can master and the majority of organizations remain uncovered from an appsec perspective. Measuring DevSecOps and evolving risk-based vulnerability management is a must. Bringing along risk people and GRC has traditionally been challenging.

Segment Resources:
– AppSec Cali 19 Talk: https://www.youtube.com/watch?v=cegMUjo25Zc
– ADDO19: https://www.youtube.com/watch?v=x1p3exzkTIY
– Open Security Summit 20 – https://www.youtube.com/watch?v=8myMG36gq4o, https://www.youtube.com/watch?v=mh_P1C1a-CM Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

DevSecOps, Compliance GRC, and the Future of Application Security

Guests

Francesco Cipollone – CEO & Founder at AppSec Phoenix Ltd

@FrankSec42

Francesco Cipollone a multi start-upper and cybersecurity professional, Francesco was the ex AppSec and Cloud Security lead for HSBC, Lead Cloud Security for AWS Professional Service, and previously consulted with the United Nations. Francesco is also Chair of the Cloud security alliance, published author, podcaster and public speaker.

Hosts

John Kinsella – Co-founder & CTO at Cysense

@johnlkinsella

John Kinsella is the Chief Architect for Accurics

Mike Shema – Security Partner at Square

@Codexatron

Mike Shema is a Security Partner at Square.

Announcements

Throughout 2022, CRA’s Business Intelligence Unit will be releasing research reports on the top topics across the security industry. Our first report will be on Third-Party Risk and the Supply Chain. To participate in the survey, please visit https://securityweekly.com/thirdpartyrisk. The results will be shared at our Third-Party Risk eSummit in January.
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

DevSecOps, Compliance GRC, and the Future of Application Security – Francesco Cipollone – ASW #177

DevSecOps, Compliance GRC, and the Future of Application Security

Guests

Hosts

Announcements

Related Posts

An Easier Way For Security To Keep Pace