Every era of technology innovation has brought along with it vulnerabilities that can be difficult to predict. It’s often a race to see who can discover a vulnerability first—the good guys or the bad guys—and researchers have always tested new technology to discover potential attacks before they can be maliciously exploited.
The first wave of appsec started with boutique consultancies in the ’90s. The second wave brought automation and scale to the masses with security scanners. Rapid deployment and increasing complexity are driving the third wave, which features a liquid supply of globally sourced researchers. Jacob Hansen and Caroline Wong hold a forward-looking discussion on what’s coming next.
Caroline discusses her experiences as a security product manager and consultant during the first and second waves of application security before Jacob shares his perspective and approach to building Cobalt.io in response to the requirements driving the third wave. Caroline and Jacob then jointly examine the changing security landscape and explore how to address the current challenges and shortcomings of application scanners and traditional human-powered testing, brainstorming ideas on how to effectively connect enterprises with skilled security talent and how the latest innovations in technology can help.
This session is sponsored by Cobalt.
Jacob Hansen is the cofounder and CEO of Cobalt, which delivers crowdsourced pen tests and private bug bounties to modern organizations. Prior to founding Cobalt, Jacob was a consultant at Accenture in Copenhagen and London, where he delivered enterprise IT solutions for Fortune 1000 clients. As an advocate of crowdsourcing and cybersecurity, Jacob has been featured in Forbes and The Verge and has spoken at various conferences internationally. Jacob’s passion for technology extends to his personal life, where he is a crypto enthusiast and cofounder of Bitcoinfilm.org, a nonprofit dedicated to sharing stories of bitcoin adoption around the world.
Caroline Wong is the vice president of security strategy at Cobalt, which delivers crowdsourced pen tests and private bug bounties to modern organizations. Caroline’s close and practical information security knowledge stems from broad experience as a Cigital consultant and a Symantec product manager as well as day-to-day leadership roles at eBay and Zynga. She is a well-known thought leader on the topic of security metrics and has been featured at industry conferences including RSA (USA and Europe), IT Web Summit (South Africa), OWASP AppSec, Metricon, the Executive Women’s Forum, ISC2, and the Information Security Forum. Caroline received a 2010 Women of Influence Award in the One to Watch category and authored the popular textbook Security Metrics: A Beginner’s Guide (McGraw-Hill, 2011). She graduated from UC Berkeley with a BS in electrical engineering and computer sciences.
©2016, O'Reilly Media, Inc.