Last day to save $150 off Offensive Operations courses during SANS Pen Test & Offensive Training 2021!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Winning the Culture War: Infusing Security into the Software Development Culture

  • Wednesday, December 14, 2016 at 3:00 PM EST (2016-12-14 20:00:00 UTC)
  • Setu Kulkarni, Mark Geeslin


  • WhiteHat Security

You can now attend the webcast using your mobile device!



There is a good deal of talk these days about DevSecOps and Secure Development. To those working in the industry, the goals and benefits of infusing security into the development culture are quite clear and well understood. However, the process of achieving those goals and benefits is another matter entirely. How does a development organization move from point A to point B? How is a culture fundamentally transformed from one that treats security as a burden, necessary evil, or nice-to-have, at best, to one that truly embraces security, making it a priority on a par with system functionality and stability?

The adoption of a DevSecOps model, or even a less ambitious secure development model, requires some rather significant shifts in philosophy and practice for both Development and Security in order to be effective. In this webinar we will discuss practical techniques and strategies, as well as the philosophical positions underlying those strategies, that have actually been employed, and proven effective, in moving organizations to a secure development culture.

Speaker Bios

Mark Geeslin

Mark Geeslin is a Senior Principal Software Engineer and Director of Application Security at Asurion. Mark has been working in the software development and security industries for over 25 years in numerous and diverse environments, ranging from high-tech security start-ups to Fortune 100 companies. In recent years he has directed the application security programs at leading software technology firms in Silicon Valley. Besides his extensive experience as a software engineer, Mark's expertise includes large-scale application security assessments, penetration testing, threat modeling & architectural risk analysis, static & dynamic software security analysis, secure code review, and security research. Mark has earned advanced degrees in both computer science and theology, and currently holds the GWAPT, GMOB, GSSP-Java, GSSP-.NET, and GSEC certifications.

Setu Kulkarni

As the Vice President of Product Management, Setu is responsible for product vision, strategy, and direction at WhiteHat Security. Setu joins the WhiteHat leadership team after a 10+ year stint at TIBCO Software Inc., where he most recently led product management and strategy for the Operational Intelligence product portfolio. During his many years at TIBCO, he led a variety of strategic and operational initiatives – building the SOA platform for the Integration and BPM businesses, building the business launch platform for TIBCO’s cloud business, mainstreaming the LogLogic acquisition, and developing the next-gen ITOA offering. Earlier in his career, Setu has held engineering and pre-sales roles in India and Europe while working for NDS, Infosys, Adobe, and TIBCO before moving into product leadership positions in the U.S. He earned an engineering degree in computer science and engineering from Visvesvaraya Technological University, India.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.