Technorati Tags: Conference , SDLC , SDL , IT , ISV I will be discussing Microsoft IT's approach to secure application development, with a special focus on how we integrate security into the IT line-of-business SDLC, in a webcast this Thursday May 29th...

Threat Modeling is no longer the obscure magic is used to be. With the creation of tools like the Threat Analysis and Modeling tool from the ACE Team, Threat Modeling is now easier to implement, faster and more comprehensive. Threat Modeling  is...

This is a link to an article I recently published through InterGovWorld.com in Canada. http://www.intergovworld.com/article/de76c0610a0104080164a05db0878ff1/pg1.htm Todd Kutzke

The other day I was subject to the assertion that the only asset an IT security organizations should care about is data. Now being in the application security business, I should have been jumping at this validation but couldn't. The IT security org needs...

Now that you've decided (or battled) to set up an application security program you realize that it actually needs to get funded.  You must master the art of delicately drinking from the fire hydrant of line of business applications. In my experience...

I will be speaking at the Front Range OWASP Conference (FROCo8) in Denver on June 10th. The focus of the conference to share the experiences that the speakers had around solving technical and management issues surrounding application security. I'll be...