Software Integrity Blog

Author Archive

Brendan Sheairs

Brendan Sheairs is a managing consultant and serves as a subject matter expert for Security Champions projects at Synopsys. He works closely with organizations to design, build, and implement their software security initiatives in markets such as healthcare, finance, and telecommunications. In addition, he works with various teams of principal consultants, senior consultants, and consultants to manage and oversee the delivery of Synopsys services to clients in the Mid-Atlantic region. Brendan has led several projects with a number of Fortune 50 companies to implement and mature their Security Champions initiatives. He has been a CSSLP since 2013.


Posts by Brendan Sheairs:

It’s time to enlist Security Champions to fuel Agile development

A 2015 Gartner report estimated that 25% of Global 2000 organizations would be using DevOps and Agile development practices as part of their mainstream strategies by the close of 2016. Our experience with Synopsys customers confirms this prediction has come true.

Posted in Agile, CI/CD & DevOps

How do Security Champions enable an AppSec culture?

What are Security Champions?

Security Champions are developers who have a direct impact on the resiliency and security of their firm’s software. They are enthusiastic volunteers willing to participate in advanced software security training to perform an important role. They are also a part of a greater community of Champions exchanging ideas and techniques.

Posted in General

What story do your mobile metrics tell?

As people become more reliant on their smartphones, mobile applications become an important focus for many organizations. There are many articles about adapting your software security group (SSG) to handle the new risks posed by new technology. But are you confident that you are tracking your organization’s progress and performance effectively? What story do your mobile metrics tell? Are you confident that you are able to show the impact your SSG has when addressing mobile security?

Metrics optimization

A useful security metric tells a story around the impact and value the SSG adds to the organization at large. Rather than reporting how many mobile applications your organization has enrolled in dynamic scanning, there is more value in reporting how many high severity findings your dynamic scanning discovered and/or how many findings were remediated due to the scanning efforts. This shows the impact of dynamic scanning on the quality of the code.

Posted in General, Mobile Application Security, Webinars