Making Open Work
May 8–9, 2017: Training & Tutorials
May 10–11, 2017: Conference
Austin, TX

Application security: From zero to hero

Jeremy Anderson (Cambia Health Solutions)
11:00am11:40am Wednesday, May 10, 2017
Location: Meeting Room 10 A/B
Level: Beginner
Average rating: ***..
(3.14, 7 ratings)

Who is this presentation for?

  • Developers, security architects, security engineers, and managers

Prerequisite knowledge

  • Basic software development process terms, such as waterfall, Agile, and DevOps

What you'll learn

  • Understand where to start, how to scale, and how to maintain good application security in a fast-paced DevOps environment


Does your security team think finding a bunch of defects and giving a report to devs is a job well done? Do your in-house developers have the expertise to successfully identify software security defects on their own and know how to resolve security defects once identified? Do you have plenty of secure coding experts so that every development team has access to advice or mentoring on how to improve the security of their code? Do development teams test early and often in the SDLC instead of waiting until just before production to ask for a scan of their application? Is your current AppSec process transparent to developers? Do you think testing your software for security defects once or twice a year is enough, even though changes to your software happen perhaps as often as several times a day?

Application security is tough. But while the rest of the world tries to solve the problems of insecure software with firewalls and intrusion detection, Jeremy Anderson explains how to solve the problem where it starts: at the code that defines it. Join Jeremy to learn how to fix code security defects when they’re created instead of during production when it’s already too late.

Topics include:

  • How to transition from “test it the week before production” to “test it every day during development”
  • How to get teams to adopt the testing platform and scan their code on a regular basis
  • How to get security programs funded and implement the technology quickly
  • How to scale the program in a short time without adding tons of staff
Photo of Jeremy Anderson

Jeremy Anderson

Cambia Health Solutions

Jeremy Anderson has 16 years’ experience developing software solutions for numerous Fortune 500 companies. Jeremy is currently a secure software architect and CSSLP at Cambia Health Solutions, where he is charged with bootstrapping and scaling an application security program from the ground up for dozens of applications produced by hundreds of developers. He’s been successful at making it happen—in a timeline measured in months instead of years.