Pejman Pourmousa

Pejman Pourmousa is Vice President of Services at Veracode, where he is responsible for the successful adoption of Veracode’s solutions by its customers. This includes program management, customer success, security consulting, manual penetration testing, and customer support. In the last seven years, he has built cohesive teams that help cutomers develop, deploy, and mature their AppSec programs. Pejman has spent the entirety of his career in the area of services management and delivery, specifically around compliance, risk, and security. Prior to Veracode, he was a Manager of Client Services at Integrity Interactive (acquired by SAI Global), where he led the team responsible for...
Posts by Pejman Pourmousa

Characteristics of a World-Class AppSec Program

July 25, 2019

A great AppSec program requires more than just scanning. It takes seamless processes and services designed to help developers fix flaws and write more secure code. The following is a list of the characteristics that we have found among our customers with world-class AppSec programs. Consider security early In early planning phases, ensure secure architecture and design and conduct threat modeling... READ MORE

Beyond Scanning: Don’t Let AppSec Ignorance Become Negligence

December 19, 2018

In recent months, as I’ve worked with more and more prospects and customers, I’ve started to see an interesting trend: As more agile dev teams become responsible for their own security posture, they are relying on the operations team to “plug an AppSec tool” into their CI/CD pipeline to resolve their AppSec. While I agree with the sentiment that security needs to be embedded in the build process... READ MORE

Not All Vulnerabilities Are Created Equal

November 15, 2017  | Managing AppSec

You wouldn’t be very effective if you didn’t prioritize your to-do list. Treating “prep for board meeting tomorrow” and “organize in-box” with the same level of urgency would slow you down at best, seriously impact your job performance at worst. Similarly, neglecting to prioritize your application security “to-do list” will slow your progress, or prevent it altogether. Even the best application... READ MORE

Application Security Policy: Might Need to Revisit as DevOps Emerges

November 6, 2017  | Managing AppSec

I’ve worked in program management at Veracode for the past six years, and during that time, I have seen a lot of different approaches to deploying AppSec policies. Typically, the security team (CISO/CIO led) deploys an AppSec policy that applies to developers and engineers. However, with the rapid change in the ways software is developed and released, most of the security policies that were... READ MORE

What Makes an AppSec Program Successful: A Program Management Perspective

November 30, 2016  | Managing AppSec

I have spent the entirety of my career in the area of services management and delivery, specifically around compliance, risk and security. I have had the good fortune of seeing over 1,300 program deployments across all size companies spanning every industry. Today, I am the Director of Program Management at Veracode, working to help customers successfully adopt Veracode’s solutions. I wanted to... READ MORE

Are You Ready for the Inevitable Question on Software Security?

March 6, 2014

Independent software suppliers need to recognize the tide of change that is coming from their largest enterprise customers. Over the course of 2013, I witnessed a shift in security. As we learned about government surveillance and suffered through credit card replacements as a result of the Target Breach, questions of security have come to the forefront. These questions focus not just on the... READ MORE

Who Creates a Successful Application Security Program?

March 27, 2013 3

“Our developers are just too busy to worry about securing their applications.” If only I received a dollar for every time I have heard a CISO, CIO or Application Security Manager say these exact words when attempting to develop an appsec program. My name is Pejman Pourmousa and I am a Customer Success Manager at Veracode. I have been working in Professional Services for years. At Veracode, I... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.