Overview
Syllabus
Intro
Application Security Programs
Low Security Maturity
Medium Security Maturity
High Security Maturity
Application Security Team
Tactical and Strategic
Program vs No Program
Metrics
Starting from scratch
Existing models
BeSam vs Ideal State
Key Takeaways
Duo Security
The Big Takeaway
Team Values
Engineering
Low Friction
Paved Road
How Could It Go
No Code Left Behind
Security Maturity Model
Compliance
Efficiency
Community Content
Free Time
Microsoft SDL
Training
Security Services
Threat Modeling
Code audits
Security assessments
Security metrics
Functionally
QA
Office Hours
Intake Process
What do they need
TLDR
Kickoff Checklist
Hacking
Security Defects
Conclusion