Jessica Lavery

Jessica is part of the content team at CA Veracode. In this role she strives to create and promote content that will engage, educate and inspire security professionals around the topic of application security. Jessica’s involvement with the security industry goes back more than a decade at companies like Astaro, and Sophos where she held roles in corporate communication and marketing.
Posts by Jessica Lavery

Live From RSA: Zulfikar Ramzan Keynote – Ripples and Technology

February 15, 2017  | Security News

Once John Lithgow left the stage, Zulfikar Ramzan, RSA’s CTO, took the stage to talk about business-driven security. He implored the security professionals in the room to not draw lines between departments, but instead create connections for better collaboration and enhanced security. Sounds a lot like DevOps. Ramzan then spoke a lot about how small events can create larger ripples that... READ MORE

Live From RSA Conference 2017 – The Power of Opportunity

February 15, 2017  | Security News

It almost didn’t happen, but I made it to the RSA Conference. A series of unfortunately timed winter storms delayed/canceled flights, but I was able to make it out of Boston and to San Francisco only a day late – which meant I only missed the DevSecOps @ RSA Conference 2017 talks on Monday. And the big takeaway after my first day at the conference: it’s all about DevOps. If... READ MORE

Securing DevOps: Enough With the Cynicism

January 23, 2017  | Secure Development

If an industry continuously talks about how a trend is going to be a hurdle, it becomes a hurdle. Conversely, if an industry views the trend as an opportunity and talks about it in such terms, thinking shifts toward the potential this trend brings for improvement. We are seeing this phenomenon with DevOps, but not in a good way. Security professionals are talking about the hurdles of securing... READ MORE

The Future of AppSec is DevSecOps

December 19, 2016  | Secure Development

future-of-appsec

With 2016 coming to an end, we, like many companies, are reflecting on the trends of the past year. We are also looking outward to what the future holds for application security, and it has never been clearer that the future of application security will be tied to DevOps and integrating security into DevOps environments. As such, it is crucial that security becomes part of the entire software... READ MORE

Podcast: Cyberwar and Voter Fraud

September 30, 2016  | Security News

Can it really happen? The Hollywoodesque version of cyber voter fraud would go like this – an enemy nation state would support the candidate they felt best represents their interest. This government would possibly find ways to infuse money into the candidate’s campaign. Not content with simply influencing the election with illegal campaign funds and propaganda, the nation state would... READ MORE

Podcast: Cyberwar has a history not just a future

September 6, 2016  | Security News

Cyberwar – the term conjures images of futuristic warriors battling for control of Earth ala the Terminator or the Matrix. But the truth is cyberwar is just as much a part of our national history as it is a potential future crisis. And as the old adage goes “ what has happened before will happen again”. The main difference between the cyberwar of the past and the one of today, or the future is... READ MORE

Until We Prioritize Security Training, We Will Remain a Step Behind Cybercriminals

June 22, 2016  | Secure Development

Where is your security money going? Typically, it lives at the edges of the network, in operations land. The big spends on items and services such as log aggregators and organizers, firewalls, and penetration testing are generally trusted buys. These are tried-and-true tactics that have withstood the tests of time. But time, as it were, has claimed many a security system. From the low-tech... READ MORE

Optimizing Software Management with a DevSecOps Approach

June 15, 2016  | Secure Development

Let’s face it, building software is difficult. It’s mental gymnastics. When your developers are working hard, they’ve likely got at least two hours of ramp up time behind them. Bother them during their meditative state, and you’re resetting that clock, losing hours of potential work. There’s a flow to programming, and when you’re in the zone, the code comes quite freely. It’s those moments when... READ MORE

The Future Is Now: Applications Protect Themselves Against Attacks

June 7, 2016  | Security News

More enterprises than ever before are recognizing that software is inherently insecure. Yet, they cannot slow down their development cycles to accommodate this reality. Doing so would compromise their innovation and competitiveness. As a tradeoff, many companies end up sacrificing security. RASP technology holds the promise of protecting applications without touching code As a category, runtime... READ MORE

Verizon’s 2016 Data Breach Investigations Report Demonstrates Traditional Approaches to AppSec Aren’t Working

May 5, 2016  | Security News

It has taken me a few days to wade through all the data and information in this year’s Verizon Data Breach Investigations Report, but I’ve finally found the time to read it all the way to the end. As always, the report is full of interesting statistics about breach and incident trends. While each section of the report offered valuable insights and information, I found the section on... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu