Explore common pitfalls in implementing Application Security Awareness programs through a humorous and insightful conference talk. Learn from the speaker's personal experiences and mistakes, covering topics such as getting started, assessing the audience, choosing appropriate training materials, and addressing misconceptions about security responsibilities. Gain valuable insights on creating effective, ongoing AppSec training initiatives that go beyond mere compliance, adapting to team growth and turnover while maintaining high coverage.
A Dancefloor that is Literally Just Banana Peels - AppSec Awareness Program Pitfalls
Overview
Syllabus
Intro
AppSec Awareness is an integral part of an AppSec Program.
A story about the mistakes I made while implementing an AppSec Awareness Program
Get stuck without even starting...
Where to start? awareness program training FOWASP
Speak the same language Assess the audience and adjust the material
Compare the options and make an objective decision!
Security is the job of the security team...
Make trainees read tons of text or watch long videos
Turnover and team growth decreases the training coverage.
When compliance is the only driver
AppSec training is a project without an end.
Taught by
OWASP Foundation
