Colin Domoney

Originally an embedded systems developer working on military-grade secure communications systems in South Africa, Colin has over 20 years of development and security expertise in the telecommunications, consumer, medical and financial service industries. His most recent experience has been as the technical expert leading a large-scale application security programme in a large multinational investment bank. He was responsible for deploying and operating the Veracode service, leading the remediation programme, and deploying a RASP solution within the organisation.
Posts by Colin Domoney

Lessons Learned Building an Application Security Team

March 14, 2017  | Managing AppSec

In 2012, I joined a large investment bank in London to start and grow its application security programme from the ground up. My initial focus was on the selection of the best tool for the job; namely, a static code analysis scanner that could be deployed easily, and scale widely. Within a few months, I had access to the Veracode Application Security Platform, and I was ready to start scanning my...

A Few of My Lessons Learned Building an AppSec Program

March 13, 2017  | Managing AppSec

I recently joined Veracode after spending five years building an application security program from the ground up at a global investment bank. This experience gives me a unique perspective on the struggles and hurdles our customers are facing, and puts me in a position to share my lessons learned and provide helpful information and advice for those starting or managing a growing application...

Managing Flaw Review with a Large Multi-Vendor Application

March 2, 2017  | Managing AppSec

The previous blog post in this series discussed strategies for the large-scale deployment of the Veracode static code analysis tool across a large enterprise, focusing on strategies and techniques for ensuring rapid adoption within individual development teams typically responsible for self-contained homogenous applications. However, in a large enterprise, there are applications that are...

How to Run a Successful Proof of Value for an Application Security Programme

March 1, 2017  | Managing AppSec

So you’ve got upper management buy-in for your application security proof of value and are ready to start scanning applications: how do you make sure your proof of value (PoV) is a success and that you demonstrate the need to progress to a full-scale program? This article describes some of the lessons learned at the start of our large-scale deployment of Veracode within our organisation....

Strategies for Rapid Adoption of a Security Programme Within a Large Enterprise

March 1, 2017  | Managing AppSec

A large-scale deployment of the Veracode static code analysis platform across a large enterprise presents a number of unique challenges, such as understanding your application estate, prioritising your applications for scanning, and communicating with your application owners. This blog post provides some guidance based on my experience at delivering several hundred scanned applications in a 14-...

Our Latest Research: Some AppSec Programs Are Dramatically Reducing Risk – How Are They Doing It?

November 1, 2016  | Managing AppSec

We recently passed the 2 trillion mark for lines of code scanned. 2 trillion! That’s a lot of code, and a lot of scanning, and a lot of intelligence about what vulnerabilities are lurking where and the best ways to manage them. Our State of Software Security (SoSS) reports leverage this goldmine of data to highlight lessons learned, best practices, trends and insights for anyone starting or...

Why I Joined Veracode: Colin Domoney

October 31, 2016  | Customer News | Security News

I recently joined Veracode after spending five years managing application security at a global investment bank. I’m sharing a bit about my background and reasons for joining Veracode in the hope that my experience helps others trying to work security into software development. Software’s foundational role My career as a developer began in South Africa, where I learned cryptography and...
