Philip Lew


Applying The Pareto Principle to Software Security

You’re part of an organization with a small development team building a web application, and now you find out your product must be “secure”, whatever that means. Maybe the requirement comes from an auditor, or maybe the CEO heard about it at a recent meeting, conference, or from a prospective customer. No one on your team has security expertise. Where should you start?

Hire an expert? Get training, identify risks and threats, prioritize your findings, design solutions, and implement them? How much time do you have? For those who don’t have the time or money, is there an easier way to get quick results and long-term improvement with minimal initial investment? Is there an 80/20 solution for software security? Yes: incorporate a vulnerability scanner into your software development processes.

Phil explains how to set up a simple vulnerability management program that will give you immediate results, make your application more secure, and improve security within your software development lifecycle. Along the way, you’ll help your team develop security expertise while meeting some likely security compliance requirements. You’ll also learn the key criteria for choosing a vulnerability scanner that suits your organization. Most importantly, you’ll learn how to understand the copious reports that the scanner outputs, and then how to turn your scan activity into a vulnerability management program.

Use this talk on vulnerability management as a way to jumpstart your team down the road of learning application security concepts.

Philip Lew is the CEO at XBOSoft. As a Corporate Executive, Development Manager, Product Manager and Software Engineer, Philip has managed teams to tackle broken processes, develop solutions to difficult problems, and coached others to be leaders, managers and experts. He leverages his academic background in operations research and computer science, combined with hands-on work experience in programming, predictive modeling and algorithm development, to work with clients and colleagues around the world on improving their software processes. As a sought-after speaker at international technical and management conferences, he gives several keynote speeches each year around the world, but his real passions are cycling and learning.