Threat Modeling - A Disaster Story with Edwin Kwan

The OWASP Podcast Series

English - December 18, 2018 18:31 - 18 minutes - 17.4 MB - ★★★★★ - 23 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: The DevSecOps Unicorn Rodeo w/ Stefan Streichsbier

Next Episode: Strategic Asymetry - Leveling the Playing Field w/ Chetan Conikee

We continue the "Epic Failures in DevSecOps" series by speaking with Edwin Kwan on his chapter, "Threat Modeling - A Disaster Story". Edwin is Application and Software Security Team Lead at Tyro Payments. In our discussion, we talk about the three things he learned through his "Epic Failure":

-- Demonstrate value at the buy-in
-- Get early feedback
-- Automate as much as possible

During our discussion, we talk at length about the role of security and how to begin implementing automation at the earliest stages of the development process.

About Edwin Kwan
Edwin Kwan is the Application and Software Security Team Lead for a bank. His approach toward application and software security is to raise security awareness, provide light touch controls to the software development life cycle to increase visibility of security issues and work closely with engineering teams to quickly develop secure applications.

Edwin started out as a software engineer and transitioned into the application security role to lead a range of security initiatives when the company was working towards obtaining an unrestricted banking licence.

As a Software Engineer, he has over a decade of experience developing large scale; real-time; high performance; high reliability software applications for major telecommunication vendors. He is also experienced in working with stakeholders from small to large organisations to design and develop innovation solutions to help manage and grow their business.