Stephanie Derdouri operates as Fannie Mae’s Director of Vulnerability Management, ensuring the organization is protected against information security vulnerabilities that could jeopardize Fannie Mae’s mission of providing support to homebuyers. Derdouri oversees Fannie Mae’s Application Security (AppSec) and the Vulnerability Threat Management (VTM) team and the Internal Red Team that perform application security assessments, vulnerability scanning, and facilitate network penetration and data exfiltration testing. Previous to her time at Fannie Mae, Stephanie worked for a.i. Solutions and led the NASA Headquarters Risk Management and Federal Compliance Team to develop and apply strategies to manage cybersecurity risks. She has also worked as a Security Analyst for the U.S. Department of Justice, where she honed and exercised her expertise in information security and vulnerability management. Derdouri has earned a Bachelor of Science degree in computer science from The George Washington University and a master of science in information systems engineering from Johns Hopkins University.
Stephanie will provide an overview on how Fannie Mae supports robust security practices throughout the organization. For years, Fannie Mae has aimed toward: 1) conducting cyber security assessments earlier in the development lifecycle; and 2) engaging business partners in the review and mitigation of cyber security risks. Through DevSecOps, Fannie Mae has now reached that goal – and stakeholders from development, operations, and cyber security now monitor, analyze, test, and proactively determine and fix vulnerabilities earlier in the development lifecycle. Join us for this session to see how DevSecOps has helped to dramatically reduce the vulnerabilities at Fannie Mae. Furthermore, take a few extra minutes for a deep dive in static and dynamic code analysis practices within continuous Integration.