Session Name: Story of Implementation of SecDevOps in Fin Tech Organization and Beyond
In the financial industry, less importance was given to Application Security, and more to compliance issues, until a bank in Pakistan was hacked recently. After that hack, all the security personnel and Information Security Assessment companies were choked with their limited resources. We decided there couldn't be a better opportunity to implement, and then market, DevSecOps in our company and in the outside market. We implemented the fundamentals of Application Security, starting from:
basics of Application Security Scanning (SAST / DAST)
moved up to systems hardening
then ultimately took PA-DSS audits head on
We then started automating the manual work in our security efforts, and we were quite successful. Once we did that, we started marketing the things we automated in our technology community. This talk is that story.
Salman, Khwaja has served professionally for over 10 years in the Pakistani IT industry as a Technical Content Writer / Author, Quality Assurance professional, and Information Systems Auditor / Process Consultant, and is now serving as Manager Application Security at TPS Pakistan Pvt. Limited. He has been implementing Security Automation (SecDevOps) in the financial industry and has been instrumental in providing consultations in Application Security, Vulnerability Assessments, and Systems Hardening, and in providing Security Training. He is also leading the PA-DSS Assessments of TPS products and providing the training for the Secure Software Framework.