CISO training: Managing Web & Application Security – OWASP for senior managers

One-Day Trainings: Wednesday, October 24

This workshop covers setting up, managing and improving a global information security organisation using mature OWASP projects and tools, achieving cost-effective application security, and bringing it all together at the management level. It shows how to use and leverage OWASP and other common best practices to improve your security programs and organisation. The workshop will also discuss a number of quick wins, how to effectively manage global security initiatives, and how to use OWASP tools inside your organisation. The author has extensive experience managing his own secure development organisation as well as advising on the improvement of a number of global secure development organisations and processes.

Topics Covered

  • OWASP Top-10 and OWASP projects – how to use within your organisation
  • Risk management and threat modeling methods (OWASP risk analysis, ISO-27005,…)
  • Benchmarking & Maturity Models
  • Organisational Design and managing change for global information security programs
  • SDLC
  • Training: OWASP Secure Coding Practices – Quick Reference Guide, Development Guide, Training tools for developers
  • Measuring & Verification: ASVS (Application Security Verification Standard) Project, Code Review Guide, Testing Guide
  • Development & Operation: ESAPI (Enterprise Security API), AppSensor

All discussion and issues raised by participants at the workshop will be treated as confidential under the Chatham House Rule.


Tobias Gondrom is Managing Director of Thames Stanley, a CISO and Information Security & Risk Management Advisory based in Hong Kong, the United Kingdom and Germany. He has more than fifteen years of experience in software development, application security, cryptography, electronic signatures and global standardisation organisations, working for independent software vendors and large global corporations in the financial, technology and government sectors in America, EMEA and APAC. As the Global Head of the Security Team at Open Text (2005-2007) and, from 2000-2004, as the lead of the Security Task Force at IXOS Software AG, he was responsible for security, risk and incident management. In 2009 he also achieved a senior management degree from London Business School (Sloan M.Sc. in Leadership and Strategy).

Since 2003 he has chaired working groups of the IETF (www.ietf.org) in the security area, and he is currently a board member of OWASP London and a member of the OWASP Global Industry Committee. Tobias is the author of the international standards RFC4998 and RFC6283, co-author of and contributor to a number of internet standards on web security and papers on security and electronic signatures, co-author of the book "Secure Electronic Archiving", a frequent presenter at conferences, and the author of published articles on technical and CISO management topics (e.g. AppSec, IETF, ISSE, iX, …).