How to build an appsec program from scratch

Bio: Ossi Väänänen is a hacker with a software engineer background, currently working as Chief Security Architect at Sanoma Media Finland. He’s actively involved within various security communities in Finland, including HelSec which he co-founded in 2018. When not hacking, he is likely on an adventure somewhere in the woods or at the sea.

Talk Contents: Following a long career in developing software, I switched careers into infosec and started building an appsec program at a Somewhat Large Company with many dev teams and products. In my talk I’m sharing my experience and insights into how I started building an appsec program from scratch and how I realized how few of the challenges involved are purely technical (surprising to an engineer!). I’m also presenting some tools and metrics I’ve built to support our appsec program, which I’m releasing as open source.