Threat Modeling Wins for Agile AppSec
September 10, 2020
About the speakers:
Rahul Raghavan (Co-Founder and Chief Evangelist, we45)
The sheer pervasiveness of applications, their associated software engineering process and therefore the variance of application security quotient across software teams is what drives Rahul’s primary role as an AppSec Advocate at we45.
Having worked on both the building and breaking sides of product engineering, Rahul appreciates both the constraints and the opportunities of imbibing security within the software lifecycle. This understanding created a natural segue for we45’s custom security solution engineering and enhanced AppSec service delivery models for its global customers.
As an active DevSecOps Marketer, Rahul works closely with the offices of CTOs and CIOs in the setting up of cross-functional skill building and collaboration models between engineering, QA and security teams to build and manage software security maturity frameworks.
Rahul is Certified Information Systems Auditor (CISA) and is a regular speaker at global conferences, seminars and meetup groups on the following topic areas
- Application Security Automation and DevSecOps
- AppSec Tooling
- Threat Modeling in Agile Engineering
- QA: Security Mapping
- Automation ROI Modelling
- AWS Security
- Secure Software Maturity Models
Sudarshan Narayanan (Head Delivery, DevSecOps, we45)
Sudarshan currently leads the service delivery practice at we45 and comes with a decade long experience in Software Quality Assurance. Sudarshan's primary focus involves conceptualizing a feasible and "risk-based" model of continuous security implementation for product teams by identifying bottlenecks and addressing them before integrating security into development life-cycle while remaining agile. Drawing from his experiences of having worked with various engineering teams, Sudarshan leads a team that works on developing a test-driven approach to continuous security automation by enhancing test coverage and optimizing security assessments using open-source tools and frameworks.
The core of his experience is in testing web applications and ensuring that they conform to high standards of quality before release. Defect management, reproduction of customer escalation on test-beds, hot-fix verification, test planning, test estimation, test documentation are some of Sudarshan's specialties.
AWS Security, its keystone concepts and how it differs from traditional data centers
October 10, 2019 - 6-8pm
University of San Diego
Images from the event: