Colin Domoney

Colin Domoney

Originally an embedded systems developer working on military grade secure communications systems in South Africa, Colin has over 20 years of development and security expertise in the telecommunications, consumer, medical and financial service industries. His most recent experience has been as the technical expert leading a large scale application security programme in a large multinational investment bank. He was responsible for the deployment and operation of the Veracode service, and leading the remediation programme, and deploying a RASP solution within the organisation.

Stay up to date on Application Security

Posts by Colin Domoney
  • Security: Make a Commitment to Working…
    | By Colin Domoney

    The days of security and development working side by side in separate silos are over. With the DevOps-induced security “shift left,” security testing now falls in the realm of the developer, and leaves security in more of an enabling, rather than enforcing, role. And this new role requires a new…

    Read Article
     
  • Best Practices for the Adoption of Open…
    | By Colin Domoney

    In a previous blog post, I discussed the differing perspectives security and development teams have about the use of open source components. Taking these perspectives into account, what is the best way to enable the use of open source components in your organization? Forbidding their use entirely…

    Read Article
     
  • Development and Security Have Different…
    | By Colin Domoney

    Open source components are a blessing and a curse. From a developer’s perspective, they’re a no-cost way to speed the development process. But they can be a curse security-wise. Many open source components contain vulnerabilities that put the organization at risk of getting breached and failing…

    Read Article
     
  • Lessons Learned Building an Application…
    | By Colin Domoney

    In 2012, I joined a large investment bank in London to start and grow its application security programme from the ground up. My initial focus was on the selection of the best tool for the job; namely, a static code analysis scanner that could be deployed easily, and scale widely. Within a few…

    Read Article
     
  • A Few of My Lessons Learned Building an…
    | By Colin Domoney

    I recently joined Veracode after spending five years building an application security program from the ground up at a global investment bank. This experience gives me a unique perspective on the struggles and hurdles our customers are facing, and puts me in a position to share my lessons…

    Read Article
     
  • How to Run a Successful Proof of Value…
    | By Colin Domoney

    So you’ve got upper management buy-in for your application security proof of value and are ready to start scanning applications: how do you make sure your proof of value (PoV) is a success and that you demonstrate the need to progress to a full-scale program? This article describes some of the…

    Read Article