September 12th ISSA Meeting – AppSec and DevOps: Security should not be so difficult!

DevOps and application security are all the rage, but how do you transform a DevOps team into an army of security people? Enter the idea of application security behaviors. A behavior is “the way a person acts”. Behavior beats process, because behavior is how we respond to a situation versus how we should respond. An application security behavior focuses on the lightest touch points while still having security impact, and are the foundation of true security culture change for a DevOps environment. The five core application security behaviors are threat modeling, security tool automation, code review, red teaming, and response. In this talk, we dive deep into each behavior, and explain how these behaviors generate more secure products and how to embed the behaviors into the DevOps team.
The discussion will be led by Chris Romeo is CEO and co-founder of Security Journey. His passion is to bring security culture change to all organizations. Chris is first and foremost a security culture hacker, designing security training programs and building internal security community. He was the Chief Security Advocate at Cisco for five years, where he guided Security Advocates, empowering engineers to “build security in” to all products at Cisco. Chris has twenty years of experience in security, holding positions across the gamut, including application security, penetration testing, and incident response.

Click here to register – http://events.constantcontact.com/register/event?llr=vjbad7kab&oeidk=a07eehg88of301018da

Remaining Dates for 2017 Meetings Oct 10 and Nov 7

Chapter Overview The Central Virginia Chapter of ISSA was founded in 2006 and is part of the national Information Systems Security Association (ISSA) The ISSA has more than 13,000 individual members and more than 100 chapters around the world. ISSA is the largest international, not-for-profit association for information security professionals. It provides educational forums, information resources and peer interaction opportunities to enhance the knowledge, skill and professional growth of its members. ISSA works closely with other industry organizations such as (ISC)2, ASIS, and ISACA. The Central Virginia ISSA offers annual CISSP training from experienced and practicing Information Security Experts. We also conduct monthly meetings on a wide variety of Information Security Topics provided by some of the most knowledgeable security professionals in the field.  Our monthly meetings at Mekong.  These meetings provide Continuing Education Credits for CISSPs and are open to ISSA Members and Non-Members