CISO Bootcamp Recap: Rules of 8 in AppSec

Marc French, Senior Vice President & Chief Trust Officer at Mimecast, led our September bootcamp, Application Security. His presentation focused on “The Rules of 8,” which consist of 8 core areas of appsec and up to 8 tasks within each area that, taken together, enable you to build your appsec team and processes.

Appsec is quite niche, so there are not a large number of appsec professionals. However, it is critical for securing the products that you ship, whether they are external, internal, or SaaS-based.

Below are the top 6 of the core areas, along with a short summary of the key tasks:

  • Know your bits – Take an inventory of what you have, including teams and what they build. Make sure this inventory is updated and refreshed.
  • Building bits – Understand how and where products are architected and developed so you can inject a review process in the appropriate phases.
  • Training – Train yourself, your team, and other stakeholders. This builds knowledge and credibility.
  • Verifying your bits – Understand the bug tracking system, the source code systems and processes, and the QA processes. Then run scans to ensure everything is clean and safe prior to shipping.
  • Deploy your bits – Know the product roadmaps, including new releases and code pushes. Understand the release engineering process and the code signing process.
  • Open your bits to others – Create third-party testing and validation.

We have two more bootcamps planned, with a third in the works to end the 2018 sessions.

October 1: Incident Response Plans/SOC

November 1: Physical Security