BSides Perth 2025

Cole Cornford

Cole is the Founder and CEO of Galah Cyber, Australia's leading Application Security consultancy. Cole founded Galah after working with internationally recognised organisations to plan, implement, and operate large-scale AppSec and Product Security programs. Cole is a regular OWASP contributor, with his most recent contributions including the XSS Cheat Sheet rewrite, the Code Review Guide update, and an OWASP 20th Anniversary speech.

Cole is well known in the Australian security scene, having penned thought-provoking articles about software engineering through a security lens, and regularly presenting at BSides and AISA conferences around the country. Cole is also the host of the Secured podcast, which focuses on the human and business side of AppSec, and is the father of two daughters, Monica and Xinni.
Session

10-19
14:30
30min
Beyond coverage and capability, shining light on the real application security problems
Cole Cornford

Enterprise application security programs are traditionally measured on their capability to address specific aspects of the technology stack, and then on the coverage achieved when rolling that capability out across the enterprise. While this sounds effective, it is anything but, as can be seen from the proliferation of ASPM and AI-AST products and the subsequent hand-wringing about them in the market.

So what should modern product security functions aim for? In this talk I'll outline a different "Five I's" that defines the baseline for an effective ProdSec function, and how you can take quick steps, whether as a scale-up business or an enterprise, to align with it and move forward.

Main Speaking Track
Wesfarmers Theatre