Application Security Programs On the Rise, Skills Lacking: A SANS Survey
- Wednesday, February 12th, 2014 at 1:00 PM EST (18:00:00 UTC)
- Frank Kim, Will Bechtel, Erik Peterson and Ryan English
Learn what 488 IT professionals have to say in the 2014 Application Security Programs and Practices survey. Results indicate an increase in the number of organizations with a formal application security program in place. Approximately 83% of respondents (up from 66%) have an Appsec program in place, and more than 37% (up from 33%) have a program that has been operating for more than five years.
In the survey, more than 35% of respondents test the security of their business-critical applications on an ongoing basis, up from 23% in last year's survey. And, encouragingly, only a small percentage (fewer than 3%) of respondents left application security to chance and did not test at all.
The survey also found that a lack of qualified staff and lack of skills are seen as the major inhibitors to instituting Appsec programs. Learn these and other valuable and surprising insights into the challenges that organizations face today in implementing a successful Appsec program. Hint: It's not only funding and getting management buy-in. There are other, more fundamental problems that are preventing people from taking care of security where it makes the most difference, particularly upfront in design and development.
An associated whitepaper accompanies this webcast.
Will Bechtel is the director of product management for the Web Application Scanning and Malware Detection Service at Qualys. Prior to joining Qualys, Will was the application security practice lead for AT&T's Security Consulting and a senior consulting manager in the Application Security Practice for VeriSign's Global Security Consulting. Will has extensive experience working with organizations worldwide to enhance application security programs.
Frank Kim is the founder of and principal consultant with ThinkSec, and the SANS Institute's curriculum lead for application security. Frank has more than 14 years of experience in software development, information technology and security, and has designed and developed applications for large healthcare, technology, insurance and consulting companies. Frank currently focuses on security strategy and application security program development, with a special interest in integrating security into the software development life cycle. Frank is the author of the SANS Institute's "Secure Coding in Java" course; he has spoken internationally at events including JavaOne, Devoxx, Jazoon and UberConf, and was recently named a JavaOne Rock Star.
Erik Peterson is the director of technology strategy for Veracode with 19 years of security industry experience, including senior leadership and technology roles for HP, SPI Dynamics, GuardedNet and Sanctum. Erik has also held InfoSec roles at Moody’s and SunTrust Bank and IT roles for the U.S. Embassy in Vienna, Austria and the UN IAEA.
Ryan English serves as global director for the Fortify on Demand team at HP. In this role, he manages strategic alignment of the Fortify on Demand group and provides oversight of the Fortify on Demand delivery team. Previously, English was vice president of product management and professional services at Vigilar, where he was responsible for overseeing product strategy and direction of their security products and services, and served in various quality assurance and product management positions. English is a seasoned speaker on the topic of security testing and quality assurance and has spoken at several industry events including RSA, HP Discover, HP Software Universe, Mercury World, Better Software, STAREAST, STARWEST, and IBM Rational Development Conference.