Secure Code Warrior - Application Security - The CISO's Blind Spot
Common Sense Virtual Roundtable:

Application Security – The Enterprise’s Blind Spot

Held on February 24th, 2022

Request Detailed Session Notes

We are careful about who we send this key document to. The session notes will be sent based on the request, provided your profile matches our qualification criteria.

Presented by

Secure Code Warrior

Here’s what we discussed:

Does the enterprise software you’re building have security built into the code? Unless your dev team has been explicitly prepared to write secure code, this is an often-overlooked attack vector.

  • Increasing hacking attacks and the expanding attack vector – software upon software – cloud, software-defined networking, infrastructure as code
  • Human error & lack of security knowledge in developers, lack of scalable resources
  • Speed of change – compounds the above points
  • Organisational structure and working in silos
  • Tools vs human approach

Solution Expert

Pieter Danhieux
Co-Founder/CEO at Secure Code Warrior

Pieter Danhieux is a globally recognised security expert, with over 12 years’ experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organisations, systems and individuals for security weaknesses. In 2021, he was named a Top 25 Cybersecurity CEO by The Software Report and a Top 100 Innovator by The Australian. He holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, GCIA certifications.



Peter Freiberg
Head of Application Security at Ampion

Peter is the Head of Application Security at Ampion, leading the practice, providing Penetration Testing (ethical hacking), Code reviews, DevSecOps, Security Test Automation, Security Development Lifecycle consulting and implementation, and facilitating Security focused training for testers, business analysts and developers. He has worked in the cybersecurity industry for 15 years, as both an independent contractor and for companies including Deloitte and Verisign.


Here is what we learned:

Alistair Edgar, Information Security Manager, Health Alliance

Health Alliance manages IT services of four district boards within New Zealand.

They have a dedicated cyber training and awareness lead who works in conjunction with their penetration tester. The point of that is to ensure the training is not too dry. They found that if they showed the developers actual cases, they were more engaged.

The alliance uses only Java and .NET (C#), so he considers them fortunate when it comes to managing security from a development perspective. If they were using more languages, it would be difficult.

Because he works in healthcare, Edgar was particularly interested in finding the quickest way to test software, because over the past two years there have been huge demands to get products out quickly.

Kirk Stephen, Head of Global IT Security, Hansen Technologies

Stephen is the global head of IT security for Hansen Technologies, a software development company for energy utilities and telco clients.

They are at a fairly early stage of building security into their development life cycle. They have some internal training and security awareness and a very basic OWASP Top 10 course.


About Secure Code Warrior:

Secure Code Warrior is the secure coding company.

Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.

We succeed through a human approach that uncovers the secure developer inside of every coder – helping development teams ship quality code faster, so they can focus on creating amazing, safe software for our world.

Participation in the Virtual Roundtable is free of charge to qualified attendees. Once you’ve completed the registration, we’ll confirm your invitation and send you a calendar invite with a link to the meeting.

If you don’t qualify, we’ll suggest other learning events that may be a better fit for you.
