Track 1: General AppSec Topics
About
Explore what’s broken in AppSec and how to fix it.
This track is full of bold insights and spicy takes that challenge the status quo.
Explore all the abstracts here 👉 https://www.theelephantinappsec.com/schedule
📆 Track 1 "General AppSec Topics" Schedule:
9:00 AM - 9:05 AM PST: Opening Word
9:05 AM - 9:35 AM PST: Tanya Janca - "Shifting Left Doesn’t Mean Anything Anymore"
9:40 AM - 10:10 AM PST: Kim Wuyts - "Compliance is overrated"
10:15 AM - 10:45 AM PST: Cassie Crossley - "Accountability in Application Development"
10:50 AM - 11:20 AM PST: Akira Brand - "Mycelium as the Path: How the Fungi Kingdom Guides us Toward Resilience in Our Cyber Programs"
11:25 AM - 11:55 AM PST: Chris Romeo - "Why the 'Secure by Design' pledge won't save us from AppSec failures"
12:00 PM - 12:25 PM PST: Dustin Lehr - "Building a Proactive Developer Security Culture - Can We Actually Make it Work?"
1:05 PM - 1:35 PM PST: Jacob Salassi - "Shift left sucks for SWEs: AppSec is a structured data problem"
1:40 PM - 2:10 PM PST: Expert Panel: Mel Reyes, Ariel Shin, Alina Yakubenko - "The Challenge of Scaling AppSec: Why It's Harder Than You Think"
2:15 PM - 2:45 PM PST: Aravind Sreenivasa - "My mistakes in building an AppSec team"
2:45 PM - 3:00 PM PST: Closing Remarks
Speakers
Tanya Janca
Head of Education & Community @ Semgrep
Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the Head of Education and Community at Semgrep, sharing content and training that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty-seven years, won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and ‘securing all the things’. She is an award-winning public speaker, active blogger & podcaster and has delivered hundreds of talks on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.
Kim Wuyts
Manager Cyber & Privacy @ PwC
Dr. Kim Wuyts is a leading privacy engineering expert with over 15 years of experience in security and privacy. Before joining PwC as Manager Cyber & Privacy, Kim was a senior researcher at KU Leuven where she led the development and extension of LINDDUN, a popular privacy threat modeling framework. Her mission is to raise privacy awareness and get organizations to embrace privacy engineering best practices. She is a guest lecturer, experienced speaker, and invited keynote at international privacy and security conferences such as OWASP Global AppSec, RSA, Troopers, CPDP, and IAPP DPC.
Kim is also a co-author of the Threat Modeling Manifesto, program co-chair of the International Workshop on Privacy Engineering (IWPE), and a member of ENISA’s working group on Data Protection Engineering.
Cassie Crossley
VP Supply Chain Security @ Schneider Electric
Cassie Crossley, Vice President, Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development. She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, program management, and data privacy. Cassie has designed frameworks and operating models for end-to-end security in software development lifecycles, third party risk management, cybersecurity governance, and cybersecurity initiatives.
Akira Brand
AppSec Engineer and DevRel consultant
Akira is an AppSec Engineer and DevRel consultant. She delights in the dance between security and software development and is on a mission to enable software developers to integrate security into their day-to-day practices. One of her favorite hobbies is introducing developers to the cybersecurity world in a way that relates to their lives, not the lives of the security team. For fun, she’s turning her lawn into a pollinator habitat and food forest.
Chris Romeo
CEO and Co-Founder @ Devici
Chris Romeo is a leading voice and thinker in application security and threat modeling, the CEO of Devici, and General Partner at Kerr Ventures. Chris hosts the award-winning "Application Security Podcast," "The Security Table," and "The Threat Modeling Podcast" and is a highly-rated industry speaker and trainer. Chris has been a startup founder multiple times and was Cisco's Chief Security Advocate. Chris has twenty-seven years of security industry experience spanning multiple disciplines, including application security, security engineering, incident response, and various executive roles.
Jacob Salassi
Co-Founder @ stealth-mode startup. Former Director of Product Security at Snowflake.
Jacob Salassi is the Co-Founder of a stealth-mode startup and former Director of Product Security at Snowflake. Jacob led Snowflake's pre- and post-IPO transformation from a bottlenecked, security-engineer-centric process that slowed teams down to a developer-owned security process that ships features faster and more securely. There, his teams handled security architecture, software security assurance, software engineering, threat detection, incident response, and vulnerability research for the Snowflake product. Jacob is an active member of the application security and threat modeling communities, and his team is known for its industry-leading approach to modeling threats.
Mel Reyes
Former CISO/CIO, Advisor, Community Leader, Coach, and Speaker @ Cybersecurity Defense Ecosystem
Mel is a seasoned technology executive with nearly 30 years of experience building high-performing teams that drive quantifiable results for global enterprises, startups, and non-profit organizations. As a CIO and CISO, Mel has successfully navigated through the IT drama, managing application development, eCommerce, backend data integration, and global compliance with a focus on security, infrastructure, and fraud management. As a "Chaos to Order" Enterprise Security and Information Technology leader, Mel has navigated through four startups, two IPOs, three M&As, two divestitures, three Financial Services institutions, three Media Agencies, a 5-year CPG contract with Pepsi, and worked in the manufacturing sector as well as T-Mobile, Lowe's, Priceline, Publicis Groupe, and Omnicom agencies.
Ariel Shin
Security Engineering Manager @ Datadog
Ariel is a Security Engineering Manager at Datadog and a former Product Security Manager at Twilio. She was instrumental in shaping the Product Security program at Twilio and promoting a heightened sense of security awareness within the Engineering organization. Through her empowering approach to security, Ariel led the charge in democratizing vulnerability management, an initiative that yielded significant risk reduction across the entire company. Her dedicated efforts contributed significantly to fortifying Twilio's security posture, making her a respected voice in the Product Security field.
Alina Yakubenko
Senior Application Security Engineer @ Toast, Inc.
Alina, Senior Application Security Engineer at Toast, Inc. and former developer and QA Engineer, is dedicated to empowering developers by integrating security into everyday practices. Passionate about building a culture of security awareness, she works to ensure that security is a core component of development processes, helping teams build safer, more resilient applications.
Aravind Sreenivasa
Manager, Application Security @ SeatGeek
Aravind Sreenivasa is an Application Security Manager at SeatGeek and former Application Security Engineer at DocuSign. He started his career as a software developer and transitioned to security after obtaining a graduate degree in computer science. Aravind is passionate about making security developer-friendly and integrating security with the software development process.
Dustin Lehr
Co-founder, Katilyst & Senior Director of Platform Security & Deputy CISO @ Fivetran
Accomplished software engineer turned information security leader, currently serving as Senior Director of Platform Security and Deputy CISO at Fivetran, and Co-founder, CPO, and CTO at Katilyst, a company dedicated to building security programs that incentivize and reward employees for taking action. Dustin is the driving force behind the Security Champion Program Success Guide and possesses a wealth of experience in application security. He is also a prominent community leader, heading the "Let's Talk Software Security" group.