AppSecCon 2022

The World's Biggest Virtual AppSec Conference
By Security Leaders, For Security Leaders
A Virtual Conference
AppSecCon 2022
Phil Venables
VP - Google, CISO - Google Cloud
Nikhil Gupta
Founder and CEO, ArmorCode Inc
Bashar Abouseido
SVP & CISO, Charles Schwab
Teza Mukkavilli
CISO, ChargePoint
Maria N. Schwenger
Partner, Cloud Native Build Leader, IBM
Vandana Verma
Chair, OWASP, Security Relations Leader, Snyk
Gary Hayslip
Global CISO, Softbank Investment Advisers, “The Vision Fund”
Pavi Ramamurthy
VP, CISO, Upstart
Jyothi Charyulu
Director, Security Assurance, Platform Engineering, Fidelity Investments
Russell Ragar
Head of Product Security, Snapdocs
Sujeet Bambawale
VP & CISO, 7-Eleven
Vijay Jajoo
Partner, KPMG, Cyber Security Services

Video Sessions

Security Needs Community | AppSecCon 2022
9:00 AM - 9:30 AM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, and building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as a community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Phil Venables - Google/Google Cloud
Nikhil Gupta - ArmorCode Inc.
AppSec 101: What, Why, How of Application Security | AppSecCon 2022
9:30 AM - 10:00 AM

Successful application security practices need to bring people, process and technology together to enable software development teams to ship secure and ship fast - and this necessitates a new category of security practice. Application security, or AppSec, is an important field for security professionals. Learn what this all means from our team of security leaders.

In this panel discussion you will learn:

  • What application security is and how it integrates with traditional security practices
  • Why it's critical in modern software development teams
  • How to roll out AppSec across your organization and leverage people, process and technology correctly
Speaker
Jennifer McLarnon - Accenture
Best Practices in DevSecOps Implementation | AppSecCon 2022
10:00 AM - 10:30 AM

For an AppSec program to be successful, software organizations need to undergo a cultural shift. But this change is complex and gradual. While this shift is underway, it’s easy to get overwhelmed with too many alerts and warnings from the diverse set of security tools deployed in the software pipeline. Organizations making this transition need guidance on the best approaches that provide improved AppSec with the resources at hand.

In this panel discussion you will learn:

  • How to smooth the transition to an improved AppSec posture
  • Organize, prioritize and manage existing security tools and warnings to prevent overwhelming the team
  • Get the most out of your security investment with the right combination of people, processes and technology
Speakers
Les Correia - Estée Lauder
Russell Ragar - Snapdocs
Sangram Dash - CDK Global

Championing a Security Culture | AppSecCon 2022
10:30 AM - 11:00 AM

An important aspect of the organizational culture shift needed for improving AppSec is the critical role of security champions. Security champions are your AppSec specialists who help lead, mentor and train the team. These champions help share the load with the dedicated AppSec leaders, helping magnify the impact of AppSec in the organization. They lead by example for the development team and are pivotal to driving the cultural change needed for security.

In this session you will learn:

  • How to communicate and educate your teams on security approaches and best practices
  • Leverage security champions embedded within the development teams to scale the impact of your AppSec program
  • Measure and coach teams through the process to improve both their and the organization's overall application security posture
Speakers
Nitin Raina - ThoughtWorks
Nazneen Rupawalla - Thoughtworks
The State of AppSecOps - Survey Results | AppSecCon 2022
11:00 AM - 11:30 AM

As organizations look to develop and improve their AppSec program, questions arise such as “What are others doing?” and “How do I compare?” Luckily, these questions and more are answered in the results of the 2022 State of AppSec Operations survey. Security programs mature by learning from leaders and laggards. Understanding where your organization lies in terms of AppSec maturity provides a pathway to improvement.

In this session you will learn:

  • How leading organizations structure their AppSec program for success
  • The stages of maturity that AppSec programs go through
  • The practices, tools and technologies that provide the most value at each stage of maturity
Speakers
Mark Lambert - ArmorCode Inc.
Building a Winning AppSec Business Case | AppSecCon 2022
12:00 PM - 12:30 PM

Budgets are tight, but security risk is real and looming. Investing in AppSec is important but needs a business case to get funding. There’s a solid return on investment for each AppSec dollar spent; however, the hard part is articulating this message to stakeholders in your organization. Building a business case means creating a solid value proposition for your organization based on tangible examples and data.

In this panel discussion you will learn:

  • How to make the business case for AppSec
  • Present the importance of AppSec to leadership
  • Leverage existing resources to optimize your ROI
  • How to measure the success of your AppSec program
Speakers
Jyothi Charyulu - Fidelity Investments
Maria N. Schwenger - IBM
Mark Lambert - ArmorCode Inc.
Securing the Software Supply Chain | AppSecCon 2022
12:30 PM - 1:00 PM

Recent examples of security attacks in the software supply chain have made it clear that more needs to be done. Examples such as the Log4j vulnerability and the SolarWinds attack have raised the profile of these types of incidents. The increasing use of off-the-shelf and open source software has created a greater attack surface for applications. However, there are ways to manage this risk with due diligence in purchasing and reusing software. An important component of supply chain risk management is software composition analysis (SCA) and the software bill of materials (SBOM), which provides a way to communicate software composition both internally and externally to your organization.

In this session you will learn:

  • How to secure your software supply chain
  • What a software bill of materials (SBOM) is and how to leverage it to manage software supply chain risk
  • Where the industry is going and what the future holds for managing the software supply chain
Speakers
Cassie Crossley - Schneider Electric
Allan Friedman, PhD - Cybersecurity and Infrastructure Security Agency
Caleb Queern - KPMG Cyber Security Services
Security Considerations for M&A | AppSecCon 2022
1:00 PM - 1:52 PM

Mergers and acquisitions (M&A) are commonplace in today's high-tech world. They are complex transactions that expose companies to risk - especially security risk. This is particularly important for software organizations as mergers and acquisitions mean assuming the inherent security in the merger. Acquirers don’t understand the scope of the risk they open themselves up to, so due diligence is critical. Understanding the potential risks as well as potential solutions to manage this risk is critical knowledge before M&A begins.

In this panel discussion you will learn:

  • Why security considerations are so critical for reducing the overall business risk in M&A
  • Critical things to look for when performing a security review
  • How to address and manage security risks in M&A
Speakers
Sujeet Bambawale - 7-Eleven
Arvin Bansal - AmerisourceBergen
Adrian Peters - Vista Equity Partners
Day 1 Closing Session | AppSecCon 2022
1:55 PM - 2:25 PM

After a great first day at AppSecCon 2022, Laura Bell pulls together the day's themes and digs into our role as application security professionals in this age of amazing technological innovation. By looking at the ways that technology is impacting our lives today, we can understand how powerful our contribution can be when securing the life-changing technologies of the future.

Speakers
Laura Bell - SafeStack Academy
Scaling Application Security to the Speed of DevSecOps | AppSecCon 2022
9:00 AM - 9:30 AM

Application security operations tend to be difficult to scale and can be painful. Application development has changed radically: From waterfall to Agile development and from monolithic application architecture to microservices and software delivered at the edge. Software development is growing exponentially and the speed at which software is created has also accelerated dramatically. We have accelerated from yearly releases to multiple releases every week or, in some cases, every build. However, approaches to application security have not transformed to keep pace. Application security professionals increasingly find themselves falling behind—and many are forced to piece together manual reporting and workflows across siloed security tools as stopgaps.

In this presentation you will learn:

  • How to identify the source of AppSec chaos and how to bring order to it
  • Challenges in scaling AppSec programs and how to overcome them
  • Why visibility and automation are very important for scaling AppSec
Speakers
Bashar Abouseido - Charles Schwab
Nikhil Gupta - ArmorCode Inc.
Teza Mukkavilli - ChargePoint
The Purple Book of Software Security | AppSecCon 2022
9:30 AM - 10:00 AM

Securing software in a world moving at the speed of DevOps is a monumental challenge. To take this challenge head-on, more than 25 innovative security leaders came together to build a community and create the Purple Book. This free resource documents current software security challenges and approaches that work with the goal of helping people and organizations everywhere work toward simplifying security while staying protected and compliant.

In this panel discussion you will learn:

  • The importance of community and how Purple Book helps coalesce and document security expertise
  • Overview of the Purple Book chapters
  • The future for Purple Book and its community and how to get involved
Speakers
Valmiki Mukherjee - Cyber Future Foundation
Mithun Rajoor - S&P Global
Vandana Verma - Snyk
Zero Trust DevSecOps | AppSecCon 2022
10:00 AM - 10:30 AM

Zero-trust has recently come into focus as a powerful tool to combat the recent explosion of cybersecurity attacks. However, developers new to the concepts and framework are left with more questions than answers: What does the death of “trust but verify” mean for developers? How does zero-trust relate to DevSecOps? How can developers work within a zero-trust framework while still maintaining agility and flexibility? Join this session to get these questions answered and more.

In this session you will learn:

  • The what, why and how of zero-trust in DevSecOps
  • How to set up zero-trust DevSecOps in your organization
  • How to create a holistic zero-trust DevSecOps strategy that doesn’t slow down development or release timelines
Speakers
Upendra Mardikar - Snap Finance
Deepak Mathur - KPMG US
Mark Lambert - ArmorCode Inc.
Building Your Personal Brand in AppSec | AppSecCon 2022
10:30 AM - 11:00 AM

Security is the hottest topic in application development; it is literally headline news. The job market is ‘hot’ and companies in all industries are hiring cybersecurity professionals. In order to seize this opportunity, how do you maximize your impact? An important part of making headway in this new space is building your personal brand. Your brand will help you stand out from the crowd and open up new opportunities and career paths. Start building that AppSec brand today.

In this session you will learn:

  • How to become a security thought leader, externally and within your organization
  • How to measure and communicate your successes
  • How to get involved in the industry and broaden your network
Speakers
Gary Hayslip - SoftBank Investment Advisers
AppSecOps Platform: Build vs Buy | AppSecCon 2022
11:00 AM - 11:30 AM

For an AppSec program to be successful, it needs to be operationalized. This means the solution provides the necessary visibility, collaboration and productivity with tangible results. The question then becomes whether to build or buy. Is it worth building and maintaining your own AppSecOps platform? Or is a prebuilt vendor solution more cost-effective?

In this panel discussion you will learn:

  • The importance of an AppSecOps platform for scaling your AppSec program
  • Critical capabilities needed in an AppSecOps platform
  • Tradeoffs between build versus buy and how to make the right choice for your organization
Speakers
Kunal Bhattacharya - American Family Insurance Company
Sitaraman Lakshminarayanan - Guardant Health
Pavi Ramamurthy - Upstart
Shifting Security Compliance Left with DevSecOps Tooling | AppSecCon 2022
11:00 AM - 11:30 AM

Most SaaS service providers have adopted a microservices-based architecture with an API-first approach. Engineering and product leaders mandate that teams innovate at a rapid pace to keep up with hypergrowth. To keep up, development teams have embraced Agile methodology for product development and have adopted DevOps and DevSecOps practices. DevSecOps seeks to shift security left in the development cycle and, in this presentation, we will talk about practical approaches for making DevSecOps successful. We will discuss all the security and compliance controls that need to exist in a typical CI/CD environment both from a process and tooling perspective. Our talk will address these challenges both from engineering and security perspectives.

Speakers
Prabhath Karanth - TripActions
Chris Cholette - TripActions
Governance, Risk, and Compliance | AppSecCon 2022
12:00 PM - 12:30 PM

Whether you have SOC2, HIPAA, GDPR, PCI or ISO requirements for application development, governance, risk and compliance (GRC) is an essential practice for your organization. You literally can’t ship without compliance, a large undertaking with serious budget and schedule implications. Software organizations struggle with scaling and managing GRC while also modernizing their development pipeline with Agile and DevOps and Cloud deployment.

In this panel discussion you will learn:

  • The challenges of applying GRC to a modern software development process
  • Core elements of any scalable GRC practice
  • How to collaborate across teams to ensure continuous compliance
Speakers
Piyoush Sharma - Zuora
Rohan Singla - ChargePoint
Andy Kim - CyberCatch
Modern Vulnerability Management | AppSecCon 2022
12:30 PM - 1:00 PM

The modern approach to software delivery changed from annual releases on dedicated hardware to monthly, daily or even continuous releases deployed on dynamically created and configured containers in the cloud. To keep pace with this rapid and dynamic nature of modern software delivery, the approach to vulnerability management has to change. The focus can no longer be on infrastructure and perimeter defense; consideration is needed for the application and rapid release schedules. There needs to be a holistic view of vulnerability management that spans infrastructure and applications.

In this session you will learn:

  • Unify infrastructure and application security vulnerabilities to get a 360-degree view of your security posture
  • Leverage correlation of findings across security tools and automation to scale the impact of your security team
  • Coordinate and collaborate across appsec and development teams to reduce remediation times
Speakers
Mark Lambert - ArmorCode Inc.
Practical Approaches to Managing Software Supply Chain Risks | AppSecCon 2022
12:30 PM - 1:00 PM

The quest to identify and address risks in someone else's software product is not for the faint of heart! It requires close coordination, cooperation and, ultimately, consent from your business partners - both inside and outside of your organization. How do we standardize an approach to managing software supply chain risks that is both reasonable and fair to our suppliers - and the business units that rely on them - without compromising on security and exposing our organization to unacceptable risks?

In this session you will learn:

  • How to achieve and formalize internal consensus about your organization's risk tolerance for third-party software
  • How to tailor diligence approaches appropriate for that level of risk tolerance
  • How to avoid the traps of exceptions and risk acceptances
Speakers
Varun Badhwar - Palo Alto Networks
Max Kovalsky - Grant Thornton
Gregory Rick - Nationwide
Responding to Zero-Day Attacks & Exploits | AppSecCon 2022
1:00 PM - 1:30 PM

The recent Log4Shell and other Log4j vulnerabilities shook the industry. Security teams and developers around the world have been scrambling to respond as quickly as possible. Despite this response, the impact of these vulnerabilities will be felt for years. Log4j isn’t the first significant zero-day vulnerability, nor will it be the last. An important step for improving your security posture is learning how to prepare for the inevitable, the next black swan event, and ensure your organization is able to respond fast and respond well.

In this panel discussion you will learn:

  • Personal experiences responding to Log4j
  • Challenges and successes across the industry
  • How to prepare for the next zero-day attack
Speakers
Yashvier Kosaraju - Sendbird
Teja Myneedu - Splunk
Rohit Parchuri - Yext
Hiring Application Security Professionals | AppSecCon 2022
1:00 PM - 1:30 PM

A successful AppSec program begins with the realization that security is, first and foremost, a people problem. Tools and processes don’t improve security alone. Hiring great people, along with training and awareness, is a key part of AppSec success. Finding the right kind of team players is key, those who can work across organizational boundaries and excel at facilitating the collaboration between security and development teams.

In this session you will learn:

  • The technical and non-technical skills to look for in an AppSec engineer
  • How to coach your existing team to become AppSec professionals
  • How to get new hires “up and running” quickly and scale the impact of the team
Speakers
Vijay Jajoo - KPMG Cyber
Caleb Queern - KPMG Cyber Security Services
Vandana Verma - Snyk
Day 2 Closing Session | AppSecCon 2022
1:30 PM - 2:00 PM

Join your peers to wrap up two days of exciting AppSec content in this closing session of AppSecCon. Although lots of ground has been covered, there’s still lots to do and discuss. How will your AppSec plans change after the conference?

In addition, the session will talk about the community we’ve created and how to carry this forward. We hope you’ll continue the dialogue at the Purple Book Community, a place to connect practitioners and equip them with the expertise to embrace secure development practices, solve ever-evolving challenges, and ultimately democratize software security.

In this session you will learn:

  • The ever-evolving nature of the AppSec and AppSecOps dialogue
  • The power of community working together and learning from peers
  • How the Purple Book Community can help
  • Launch of the Purple Book of Software Security! The full book will be made available on May 19th at 9:00 AM PST
Speakers
Nikhil Gupta - ArmorCode Inc.
Poornaprajna Udupi - Good Money
Dhawal Thakker - Grant Thornton
A Yoga Session with Julie Weiss | AppSecCon 2022
A Mixology Lesson with Murdo MacLeod | AppSecCon 2022
AppSec's top concerns, best practices, and case studies from trusted leaders. AppSecCon's virtual sessions are now available on-demand.

The Conference for All Things AppSec

Agile, DevOps, cloud deployment, microservices, and open source have all dramatically accelerated application delivery and complexity. Today’s AppSec teams have been outnumbered by as much as 100:1 by developers.

Securing software in a world moving at the speed of DevOps is a monumental challenge, but when experienced leaders and practitioners share their insights, the journey is illuminated with clearly marked milestones, challenges, best practices, and case studies.

AppSecCon 2022 connected the world of security with the world's top security leaders, to listen and share strategies on a global stage. With sessions designed to impart expert insights, whether you are starting afresh or managing a mature AppSec program, this conference will help you sharpen your saw.

AppSecCon is proudly brought to you by the Purple Book Community.

Our Distinguished Speakers

Phil Venables
VP - Google, CISO - Google Cloud

Bashar Abouseido
SVP & CISO, Charles Schwab

Nikhil Gupta
Founder and CEO, ArmorCode Inc

Teza Mukkavilli
CISO, ChargePoint

Sujeet Bambawale
CISO, 7-Eleven

Cassie Crossley
Director of Product and Systems Security, Schneider Electric

Varun Badhwar
CEO, Endor Labs; Ex-GM, Prisma Cloud, Palo Alto Networks

Jyothi Charyulu
Director, Security Assurance, Platform Engineering, Fidelity Investments

Russell Ragar
Head of Product Security, Snapdocs

Les Correia
Global Head of Application Security, Estee Lauder

Sean Davis
Chief Security Architect, TransUnion

Upendra Mardikar
CISO, Snap Finance

Arvin Bansal
Sr. Director, Security, AmerisourceBergen

Allan Friedman
Senior Advisor and Strategist, Cybersecurity and Infrastructure Security Agency

Prabhath Karanth
Head of Security Assurance, Compliance & Trust

Sangram Dash
Sr. Director - Security GRC and IAM at CDK Global

Mark Lambert
VP of Products, ArmorCode Inc

Valmiki Mukherjee
Chairman and Founder, Cyber Future Foundation; MD, Ernst and Young

Yashvier Kosaraju
VP of Security, Compliance & IT at Sendbird

Adrian Peters
Managing Director, CISO, Vista Equity Partners

Sitaraman Lakshminarayanan
Director Security Architecture at Guardant Health

Rohit Parchuri
VP, CISO, Yext

Teja Myneedu
Head of Product Security, Splunk

Kunal Bhattacharya
Head, DevSecOps, American Family Insurance

Pavi Ramamurthy
VP, CISO, Upstart

Maria N. Schwenger
Partner, Cloud Native Build Leader, Americas

Nitin Raina
VP - Cyber, Information Security & Enterprise risk management, ThoughtWorks

Piyoush Sharma
Director Security, Zuora

Vandana Verma
Global Board of Directors, OWASP

Mithun Rajoor
Global Head - Application Security at S&P Global

Vijay Jajoo
Partner, Cyber Security Services

Gary Hayslip
CISO, Softbank Investment Advisers, “The Vision Fund”

Jennifer McLarnon
Security Consulting Senior Manager, Accenture

Laura Bell
CEO and Founder, SafeStack Academy

Chris Cholette
VP Productivity and Site Reliability Engineering, TripActions

Poornaprajna Udupi
CTO, Good Money

Caleb Queern
Director, KPMG Cyber Security Services

Nazneen Rupawalla
Security Consultant, ThoughtWorks

Deepak Mathur
Managing Director, KPMG US

Andy Kim
VP/CISO, CyberCatch

Rohan Singla
Director, ChargePoint

Dhawal Thakker
Managing Director, Grant Thornton

Dr. Donnie Wendt
Adjunct Professor, Utica College

Max Kovalsky
Managing Director, Grant Thornton

Greg Rick
Associate VP, Cloud & Application, Nationwide