Evolution of Application Security Programs
Thursday, Dec. 7, 9:45 a.m. - 11:15 a.m.
Room: Ballroom C
Application security has become one of the most important frontiers for protecting digital assets, and has effectively changed focus from protecting network perimeters to ensuring security around dozens, hundreds, or even thousands of applications. With the rapid growth of applications, and a wide range of development methodologies (DevOps, Agile, Continuous Integration to name a few), the challenges for Application Security Programs have never been higher. This session will cover some of the latest trends in increasing the effectiveness of Application Security Programs, as presented and discussed at the latest OWASP Summit in London. Following the presentation, the group will collaborate together on specific ideas and solutions for ensuring a smooth and effective transition towards DevOps. During the collaborative portion of the session, all attendees will be invited to provide feedback and discuss examples of advantages and risk mitigation techniques specific to DevOps and Open Source software.
Yan Kravchenko, Chief Information Security Officer, Atomic Data
As Chief Information Security Officer (CISO), Mr. Kravchenko is responsible for managing the Security and Compliance resources. He confronts the evolving and ever present data security challenges facing Atomic Data and its clients. Mr. Kravchenko brings more than 20 years of technology and information security experience to Atomic Data, the last six of which he served as compliance advisory practice lead at NetSPI. He primarily addressed unique security and compliance challenges in the healthcare space during that time. Additionally, Mr. Kravchenko has six years of experience in the payment card industry as a practicing QSA. Mr. Kravchenko received a B.S. degree in Information Systems Management from Regis University. He also holds a wide array of industry certifications including CISSP, CSSLP, CISA, and CISM.