Flipping the script: Fighting Advanced Threats at their Software Roots
Many recent major security breaches can be linked to a software vulnerability - either left unpatched or a zero day – that made the attacker's job easier. Yet, we do not put the developer at the center of our cybersecurity strategy. With DevOps becoming mainstream and with tens of millions of developers creating code for all kinds of software-enabled devices, mobile apps and cloud services, it is time to expand the fight against advanced threats to include the developer community and its ecosystem.
Developing secure code at scale will require expanding the security conversation beyond developers. This talk will challenge the entire software ecosystem to play their part in building more secure software and deliver software security at scale. Learning from the collected real-world experience of large development organization, we will review short term strategies for organizations to adopt a secure software development process. For the longer term, we will discuss the drastic changes required in how we teach, develop, test, govern and purchase software-based products to permanently change the software culture and deliver software security at scale.
About Our Speaker
Eric Baize, Vice President, Product Security – Dell EMC & Chairman, SAFECode
Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell EMC’s Product Security Office and serves as Chairman of SAFECode, an industry-led non-profit organization dedicated to advancing software and supply chain security best practices.
At Dell EMC, Eric leads the team that sets the standards and practices for all aspects of product security for the product portfolio: Vulnerability response, secure development, consistent security architecture, and code integrity.
Eric joined Dell through its combination with EMC where he built EMC’s highly successful product security program from the ground up and was a founding member of the leadership team that drove EMC’s acquisition of RSA Security in 2006. He later led RSA’s strategy for cloud and virtualization. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US.
Eric has been a member of the SAFECode Board of Directors since the organization was founded in 2007 and also serves on the BSIMM Board of Advisors. He holds multiple U.S. patents, has authored international security standards, is a regular speaker at industry conferences and has been quoted in leading print and online news media. Eric holds a Masters of Engineering degree in Computer Science from Ecole Nationale Supérieure des Télécommunications de Bretagne, France and is a Certified Information Security Manager.
Follow Eric Baize on Twitter: @ericbaize
About A View from the Top Series
"C” level insights to challenges, solutions and innovative ideas. A members-only webinar series allowing our members to learn from the most senior level male and female industry leaders. The webinar series aims to provide insights and training to prepare women executives for senior management roles. Eligible for CPE credits.