Akshay on the business of security

Browse by Tags

Shrinking Budgets: Application Security Tools vs Process Tradeoff

An all too familiar scene repeated itself two weeks ago. My good friend & CISO of a mid-sized technology company, lets call him Alok, went into a budget planning meeting and came out as a shadow of his former self. To be more precise a 85% version Read More...

Posted Wednesday, April 29, 2009 10:25 PM by Akshay Aggarwal | 1 Comments

Filed under: Application Security, Tools, SDLC, SDL

Application Security Development Lifecycle 5A: Is Threat Modeling Right For You?

Several enterprises are increasingly investing time and money in building application security tasks into their existing SDLCs. Some of them have also reached the conclusion that proactive approaches , like threat modeling, have more ROI than reactive Read More...

Posted Wednesday, June 11, 2008 8:06 AM by Akshay Aggarwal | 6 Comments

Filed under: Application Security, Business, Governance Series, Management, SDLC, SDL

Application Security development Lifecycle 4: Finding the right security talent

After about an hour of nodding his head vigorously in agreement with some of our lessons learnt, my customer jumped up and exclaimed, " Great!! Now where do I find another 20 people like these?" (pointing to my team)... I thought about it a while and Read More...

Posted Sunday, June 01, 2008 12:45 PM by Akshay Aggarwal | 1 Comments

Filed under: Application Security, Process, Security, Management, SDLC, SDL, Education

How Microsoft IT does Secure Application Development: Webcast

Technorati Tags: Conference , SDLC , SDL , IT , ISV I will be discussing Microsoft IT's approach to secure application development, with a special focus on how we integrate security into the IT line-of-business SDLC, in a webcast this Thursday May 29th. Read More...

Posted Tuesday, May 27, 2008 9:20 AM by Akshay Aggarwal | 1 Comments

Filed under: Application Security, Process, Security, Conference, Speaking, SDLC, SDL

Application Security Development Lifecycle 3: Funding Models

Now that you've decided (or battled) to set up an application security program you realize that it actually needs to get funded. You must master the art of delicately drinking from the fire hydrant of line of business applications. In my experience helping Read More...

Posted Thursday, May 08, 2008 11:48 AM by Akshay Aggarwal | 2 Comments

Filed under: Application Security, Process, Strategy, Security, SDLC, SDL

Application Security Development Lifecycle 2: Mandatory or Not?

Large enterprises tend to have a number of line of business (LOB) applications supporting business operations. It becomes key for an application security program to help the organization manage the risk posed by each of these applications. Applications Read More...

Posted Tuesday, April 22, 2008 12:36 AM by Akshay Aggarwal | 2 Comments

Filed under: Application Security, Strategy, Security, Management, SDLC, SDL

Application Security Development Lifecycle 1: Understanding your portfolio

"How many applications do you have and what do they do?" It seems simple enough yet this questions seems to perplex many a smart mind. Having posed it to over a hundred and fifty CSO/CIOs over the last year, I have rarely received a clear answer that Read More...

Posted Monday, April 07, 2008 9:45 AM by Akshay Aggarwal | 4 Comments

Filed under: Application Security, Process, Strategy, Management, SDLC, SDL

Application Security Development Lifecycle Series

After several requests from customers about information on how enterprise class application security programs are set up, I am writing a series of blogs about my experience helping some large enterprises set up application security teams similar to the Read More...

Posted Wednesday, April 02, 2008 11:54 PM by Akshay Aggarwal | 1 Comments

Filed under: Application Security, Process, Strategy, Management, SDLC, SDL

Akshay on the business of security

Search

Tags

Archives

My personal blog

My team blogs

Other blogs