Rahul Raghavan

The sheer pervasiveness of applications, their associated software engineering processes, and the resulting variance in application security quotient across software teams are what drive Rahul’s primary role as an AppSec Advocate at we45.

Having worked on both the building and breaking sides of product engineering, Rahul appreciates both the constraints and the opportunities of embedding security within the software lifecycle. This understanding created a natural segue for we45’s custom security solution engineering and enhanced AppSec service delivery models for its global customers.

As an active DevSecOps Marketer, Rahul works closely with the offices of CTOs and CIOs to set up cross-functional skill-building and collaboration models between engineering, QA and security teams, in order to build and manage software security maturity frameworks.

Rahul is a Certified Information Systems Auditor (CISA) and is a regular speaker at global conferences, seminars and meetup groups on the following topic areas:

1. Application Security Automation and DevSecOps
2. AppSec Tooling
3. Threat Modeling in Agile Engineering
4. QA: Security Mapping
5. Automation ROI Modelling
6. AWS Security
7. Secure Software Maturity Models

Session Topic:

The Clutter that's Choking AppSec (and How to Fix it)

Increasingly shorter agile development sprints and mandatory security assessments are putting pressure on product teams to deliver secure applications faster than ever.

Further, inorganic adoption of security tooling sometimes creates information overload that does more harm than good.

What’s going wrong:
• Results from SAST, DAST and SCA tools create large vulnerability data sets that are difficult to act upon.
• Automated scan results from security tools are replete with false positives and duplicate entries that make remediation troublesome.
• Manual methods of triaging vulnerability data sets are inefficient and lower productivity.
• Improper vulnerability management increases friction between security and engineering teams.

What the audience will glean from this talk:
• How automated methods of vulnerability correlation and de-duplication can significantly reduce your AppSec testing time.
• How to effectively integrate vulnerability remediation with the engineering workflow.
• Understand the basic anatomy of a vulnerability to effectively prioritise and fix security bugs faster and better!

Why should they care:
• Without a change in approach, application security professionals and engineering teams will continue to delay development schedules and product release dates, or risk releasing a product that is not entirely secure.

Who should attend:
• Security professionals who face problems managing vulnerabilities.
• Engineering teams who find the current vulnerability remediation workflow problematic.
• CISOs who want to lay down a mature and efficient AppSec Program.





Will the recordings be available after the event?

Yes, everybody registered will be emailed the recording copies.

Can I attend the event in person?

At the moment, we’re planning on presenting S3CCON 2021 as a completely virtual event. If we decide to change and include some in person portions, we will let everybody know.

I'm interested in being an S3CCON partner or speaker. What should I do?

Please email with details regarding your interest or complete one of the forms linked on the home page.

My question wasn't listed here.

Email your question.