Topic: DevSecOps: Integrating and Maturing a Security Culture
Cybersecurity professionals have a robust suite of tools and methodologies for assessing risk to operating systems, firewalls, and other components, but have limited resources to review webapps. As demonstrated by the Equifax breach, which exploited a third-party library, continuous monitoring and assessment do not always include a review of software dependencies. We rely on regular patches for commercial software and understand how to deploy updates, but maintaining secure custom software requires development team support or integration into a DevSecOps pipeline. The lack of insight into custom software and web applications is due to limited automated review and the technical skills required to identify or understand the unique threats to an organization.
Speaker: Dr. Philip Kulp, PHK Cyber
Dr. Philip Kulp has been consulting in cybersecurity for over 20 years and programming since middle school. In his current role assessing webapps, he combines his passion for both skills while integrating automated cybersecurity checks into the DevSecOps cycle. He also serves as a cybersecurity architect, incident responder, independent assessor, and course creator at Cybrary. Philip seeks learning opportunities to balance his cybersecurity skills between academic, technical, and compliance roles. He holds the CISSP certification and two Offensive Security certifications, OSCP and OSCE. In his academic capacity, Dr. Kulp serves as a chair, committee member, and mentor for doctoral students in the Ph.D. and D.Sc. programs at Capitol Technology University.