With less than two months to go until AppSec DC is here, AppSec organizer, OWASP chapter lead and international committee member Rex Booth was nice enough to do an interview with us about all things AppSec.
In this interview, Rex tells us who should attend AppSec this year, why he got involved with AppSec in the first place, and why application security is one of the most important areas of the security field.
Why did you originally get involved in AppSec, and how have you seen AppSec grow since you first got involved?
Following undergrad, I immediately started working as a web application developer. In college, I had a professor who had the foresight to emphasize the importance of security within applications, and I took it to heart – first as a developer and later as a consultant. In the years since I started professionally, AppSec has matured and grown significantly to the point where the field is almost becoming crowded – which is a great thing – but we still haven’t fully penetrated the most important market: developers.
In your own words, what is the theme of AppSec this year, and which part of AppSec are you looking forward to the most?
From an OWASP perspective, I think the theme could easily be maturity; meaning that as an organization, we’re growing numerically, we’re growing in terms of recognition, and our products – our tools, documentation, and methodologies – have truly come into their own. Personally, I’m looking forward to November 14th, the day after the conference, when I can look back and admire the completion of a successful event that brought together so many talented people under one roof.
For those who aren’t already familiar with AppSec, who should attend, and which tracks would you recommend for those who don’t have a technical background?
In an ideal world, everybody would attend, since application security is the responsibility of everybody from the end user, to the developer, to executive leadership. I think the ultimately unsatisfying answer is that it depends on your background and your role in your organization. As a manager, I’d personally probably gravitate to the SDLC and Compliance tracks, but we’ve received so many quality presentations, I think each individual will have to make some tough decisions on what to attend.
On that note, this year’s AppSec will hold hands-on training before the conference; what kind of training will be offered, and how does it tie into the conference as a whole?
We’re fortunate to offer a wide variety of training from very qualified firms and individuals. Our training selection will cover topics ranging from hands-on testing to threat modeling to secure development. These trainings also include various technologies, so if you focus on Java or .Net or PHP, we have classes that focus on those technologies. We made a concerted effort to provide training that reflects the diverse audience we expect at the conference: security professionals, developers, managers and everyone in between – there’s truly something for everyone.
The goal of OWASP is to make application security more visible; why do you feel that application security is one of the most important areas of the security field?
Other facets of security have become something of a science over time. Application security very much remains an art. Accordingly, we as a community and as individual users aren’t able to apply a patch or deploy a device and call it a day. We have to remain vigilant and continue to actively seek and develop advances in our field. It’s not that application security is inherently more important than other aspects of security – it’s that application security is currently the weakest link in the chain and needs the most attention.
AppSec is still looking for volunteers; what kind of people are you looking for, and what kind of time commitment should they be able to give?
The most important characteristic we’re looking for in our volunteers is dedication and the ability to follow-through. Even if you only have 10 hours to give, we likely have an opportunity for you to participate.
Lastly, if people walk away with only one thing from AppSec this year, what do you hope it is?
I hope that everyone who attends walks away feeling that they, as individuals, as professionals, and as members of our community, can make a difference in application security.
Rex’s Bio: Rex Booth is a Senior Manager with Grant Thornton’s Global Public Sector practice in Alexandria, VA. He has over nine years of professional experience in application development and information security services for government agencies, private industry, and financial institutions. During his tenure at previous employers, he designed and developed complex distributed web-based applications. As a member of a managed security services team, he co-architected and implemented a scalable information detection and prevention information aggregation solution for use in a real-time 24/7 information security monitoring system, correlating and reporting on hundreds of devices. Since joining Grant Thornton, Rex has managed and assisted with multiple information security and risk management engagements auditing IT system controls including FISMA, IV&V, SOX, and OMB A-123 engagements as well as identity management and system certification and accreditation efforts. Rex has presented on the topic of information security and assessment methodologies to various institutions and is currently a chapter lead and international committee member for the Open Web Application Security Project (OWASP).
A special thanks to Rex, Doug Wilson, and Mark Bristow for agreeing to interview with us. Doug’s interview is already available, and Mark’s interview will be published soon, so keep an eye out!