Insecurity in Information Technology

Tuesday, January 16, 2018 - 3:30 pm4:00 pm

Tanya Janca, Application Security Technical Advisor

Abstract: 

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation is further strained. This silo-filled, tension-laced situation, coupled with short deadlines and mounting pressure from management, often leads to stress, anxiety and less-than-ideal reactions from developers and security people alike. This talk will explain how people's personal insecurities can be brought out by leadership decisions in the way we manage our application security programs, and how this can lead to real-life vulnerabilities in software and other IT products. This is not a soft talk about "feelings", this is a talk about creating programs, governance and policies that ensure security throughout the entire SDLC. No more laying blame and pointing fingers, it's time to put our egos aside and focus on building high-quality software that is secure. The cause and effect of insecurities and other behavioural influencers, as well as several detailed and specific solutions will be presented that can be implemented at your own place of work, immediately. No more ambiguity or uncertainty from now on, only crystal clear expectations.

Tanya Janca, Application Security Technical Advisor

Tanya Janca is an application security evangelist, a web application penetration tester and vulnerability assessor, trainer, public speaker, an ethical hacker, the Co-Leader of the OWASP Ottawa chapter, an effective altruist and has been developing software since the late 90’s.  She has worn many hats and done many things, including; Web App PenTesting, Technical Training, Custom Apps, Ethical Hacking, COTS, Incident Response, Enterprise Architect, Project and People Management, and even Tech Support.  She is currently helping the Government of Canada secure their web applications.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {208117,
author = {Tanya Janca},
title = {Insecurity in Information Technology},
booktitle = {Enigma 2018 (Enigma 2018)},
year = {2018},
address = {Santa Clara, CA},
url = {https://www.usenix.org/node/208118},
publisher = {USENIX Association},
month = jan
}

Presentation Video