Application Security


Strategies to protect applications from external threats


September 5, 2019




7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded


Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois




Application security is the process of making applications more secure by finding, fixing, and enhancing the security of applications. Much of this happens during the development phase, but it includes tools and methods to protect apps once they are deployed. This has taken on greater importance as hackers are increasingly targeting applications with their attacks.

What You Will Learn


In this one-day conference, attendees will learn:

  • OWASP Top 10 in Depth
  • How to Put the Sec in DevOps
  • How to Bake Application Security into Your Application Development Environment (Panel Discussion)
  • Five Steps to Achieve Risk-based Application Security Management
  • The True State of Application Security
  • Building Secure APIs and Web Applications


Conference Price: $289.00 per person


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

8:00am – 9:00am: Registration and Continental Breakfast

9:00am-9:50am: OWASP Top 10 in Depth


Carlos Pero, AVP, Head of Cyber Application Security, Zurich Insurance


The OWASP Top 10 is a powerful awareness analysis for web application security. It represents a broad consensus about the most critical security risks to web applications. Contributors include a variety of security experts from around the world who have shared their expertise to produce the list. The presentation will cover each vulnerability in detail as well as mitigation strategies.




9:50am -10:20am: Refreshment Break

10:20am-11:10am: How to Put the Sec in DevOps 


Matt Rose, Global Director Application Security Strategy, Checkmarx


Automation and DevOps have changed the way organizations deliver products. The shift towards DevOps made it pretty clear that companies are adopting this organizational model in order to facilitate a practice of automated software deployment. While the traditional idea of a “software release” dissolves away into a continuous cycle of service and delivery improvements, organizations find that their traditional application security solutions are having a hard time adapting to the new process, and security becomes an inhibitor to the complete process.


In this session, you’ll learn how different organizations adopted security into their DevOps processes. What obstacles need to be addressed when introducing AppSec to DevOps and when should Sec be added to DevOps?


Join us to:

  • Discover which obstacles should be expected and how to overcome them
  • Understand what functionality is key to enable real automation of your AppSec program
  • Explore the benefits of having security as part of your DevOps automation (what’s in it for me?)



11:10am-12:00pm: How to Bake Application Security into Your Application Development Environment (Panel Discussion)


Phil Waugh, Enterprise Account Executive, Sumo Logic
Ricardo Lafosse, CISO, Morningstar
Victor Hsiang, CISO, GATX
Ivanka Gajecky, IT Compliance Manager, Beam Suntory
and other professionals from IT Departments sharing lessons learned


In this panel discussion, senior security executives will share how they build Application Security into their development from the early stages.


Areas that will be discussed include:

  • Where to start planning
  • How to get buy-in
  • Who owns the responsibility?



12:00pm – 1:00pm Luncheon

1:00pm-1:50pm: How to Secure Containers and Kubernetes for On-Prem or Public Cloud Deployments


Tom Hance, VP of Operations, NeuVector


In this session, NeuVector will talk about the attack surface for containers and Kubernetes deployments and how to detect and prevent attacks on modern cloud-native infrastructures. The modern CI/CD pipeline is highly automated, and rapid deployments can leave traditional security approaches behind. By building security into the pipeline from build to ship to run-time, enterprises can secure deployments while gaining the benefits of containers.



1:50pm-2:40pm: Securing Identity in the World of DevOps


Nate Yocom, Chief Technology Officer, Centrify


A DevOps approach to software development unites development and operations teams to help companies maximize developer productivity, reduce time to market, and win in the marketplace. However, the increase in the development velocity enabled by DevOps must be balanced by an increase in the security focus. Stronger security in DevOps environments can be achieved when paying special attention to identity management. In this session, we will explore best practices in managing identity in DevOps environments and highlight the role of identity and privilege management in service to service communication, accessing application development pipelines, and securing infrastructure underlying development environments.



2:40pm – 3:10pm: Refreshment Break

3:10pm-4:00pm: The True State of Application Security 


Brian Self, Sr. Solutions Architect, WhiteHat Security


This year WhiteHat has partnered with strategic partners Coalfire and NowSecure on the 2018 Application Security Statistics Report. We analyzed data from more than 20,000 applications to provide a true state of application security report.



4:00pm-5:00pm: Securing and Protecting Applications in the Cloud


Annur Sumar, Chief Technology Officer, MaeTech


Application and data security have become a necessity for enterprises. However, many organizations still are unable to recover in a timely manner from cyber-attacks and data breaches. With security incidents now costing millions of dollars, senior IT decision makers need to strengthen their security posture for their applications and data (both on-premise and in the cloud).

In this session, attendees will learn:

  • The top application availability and security concerns
  • How to address those concerns early in the process
  • How to help keep applications and data secured
  • How to recover from breaches or security incidents




As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.