Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

The art of securing 100 products

Nir Valtman (NCR Corporation)
11:20am–12:00pm Tuesday, October 31, 2017
Teachable moments
Location: Sutton South

Who is this presentation for?

  • CISOs, CIOs, IT/IS program managers, engineering and IT security professionals, and R&D leaders

Prerequisite knowledge

  • A basic understanding of security and software development (e.g., knowing that build servers exist, being aware of bug tracking systems, etc.)

What you'll learn

  • Learn how to gain quick wins while scaling out an application security program and team, and how to implement product security in a diverse software organization
  • Understand how to get maximum buy-in from stakeholders within the company


You’ve probably heard people state that something is a best practice, but how many times have you actually implemented these best practices successfully in your products?

Step outside the best practices comfort zone, as Nir Valtman walks you through a thought experiment to secure 100 products. Along the way, Nir explores procedural and technological challenges such as working with diverse software architectures, multiple development languages and platforms, a variety of development lifecycles, injecting security into continuous integration and delivery, and more.

You’ll learn solid approaches to cope with these challenges—scaling out the application security team’s capabilities, putting the right tools in place, and following newly introduced rules of thumb to build a successful team—and leave armed with the practical execution smarts to secure products on a massive scale.

Nir Valtman

NCR Corporation

Nir Valtman heads application security for NCR Corporation's software solutions. Previously, Nir led security for R&D at Retalix (acquired by NCR) and held several application security, penetration testing, and systems infrastructure security positions. Nir is a frequent speaker at leading conferences around the world, including Black Hat, DEF CON, BSides, RSA, and OWASP. He holds a BS in computer science, but his knowledge is mainly based on cowboy learning and information sharing with techno-oriented communities such as bloggers and the open source community (particularly for the AntiDef, Cloudefigo, and SAPIA tools).