Mark Stanislav – VP, Information Security, Gemini
After nearly 20 years in information security & technology roles, I continue to be excited by the chance to use a growth-oriented mindset to mix deep technical expertise with a passion for solving complex business problems in a sustained, measurable manner.
Whether it’s creating a greenfield security architecture, advising on a corporate security program, speaking at industry conferences, testifying before the government, or mentoring a student, I am always ready to maximize the return on the professional investments from across my career.
I firmly believe that careers are meant to be challenging, meaningful, and dynamic. A great employee is not the one you keep the longest, but the one who is there every day to make a forward-looking contribution to the vision & mission of their team. Whether as a people leader or an individual contributor, I focus not on what’s there today, but on what should be in place for the team after me.
Shifting Knowledge Left: Keeping up with Modern Application Security
With security “shifting left” into DevSecOps, it’s more difficult than ever to keep up with a rapidly evolving landscape of web technologies and the threats that come with them. While familiar vulnerabilities like XSS and SQL injection attacks continue to plague our apps, many frameworks are adopting automatic defenses that protect against common abuse cases. At the same time, as the work of developers is abstracted away from these security decisions, remaining points of failure can more easily go overlooked.
Keeping applications secure in a world where developers commit and deploy production code many times a day requires software engineers to be well-versed and up to date in the secure coding techniques relevant to their particular language and framework. Education in application security is hard, and passive compliance-based training using outdated videos and slideshows can’t keep up.
We must find better ways to share appsec knowledge, both within teams and across the industry, beyond relying on slow-to-update measures like the OWASP Top 10 to guide us. To this end, Duo and Hunter2 have partnered to bring a set of free training resources that can be shared among development teams, including interactive training labs that allow engineers to practice exploiting and patching up modern web applications in their stack of choice.