We recently co-presented a case study with Vas Rajan (CISO, INGDirect) discussing how we jointly developed a security risk management program for customer-facing mobile apps. We discussed the security risks and challenges, and a programmatic approach to assessing and defending the infrastructure and apps themselves, including:
- Merits and challenges of using Mobile Enterprise Application Platforms (MEAP)
- Creating a mobile app security testing capability
- Clear, cross-platform app development security standards and working with app developers
- Defending and monitoring the mobile service delivery network

Download Slides: Security Risk Advisors – SecureWorld – May 2012

Chris Salerno
Chris leads SRA’s 24x7 CyberSOC services. His background is in cybersecurity strategy based on NIST CSF, red and purple teams, improving network defenses, technical penetration testing and web applications.
Prior to shifting his focus to defense and secops, he led hundreds of penetration tests and security assessments and brings that deep expertise to the blue team.
Chris has been a distinguished speaker at BlackHat Arsenal, RSA, B-Sides and SecureWorld.
Prior to Security Risk Advisors, Chris was the lead penetration tester for a Big4 security practice.





