Pejman Pourmousa is Vice President of Services at Veracode, where he is responsible for the successful adoption of Veracode’s solutions by its customers. This includes program management, customer success, security consulting, manual penetration testing, and customer support. In the last seven years, he has built cohesive teams that help cutomers develop, deploy, and mature their AppSec programs. Pejman has spent the entirety of his career in the area of services management and delivery, specifically around compliance, risk, and security. Prior to Veracode, he was a Manager of Client Services at Integrity Interactive (acquired by SAI Global), where he led the team responsible for the…
Enabling our customers to create software quickly and securely has always been our mission, and it remains so today. While the safety and health of our employees is a top priority right now, so is the health of our customers’ software, especially considering some of the industries they support. We need to keep the health care providers and their systems secure and operational, protect the farmers… READ MORE
Stay up to date on Application Security
- Characteristics of a World-Class AppSec Program
A great AppSec program requires more than just scanning. It takes seamless processes and services designed to help developers fix flaws and write more secure code. The following is a list of the characteristics that we have found among our customers with world-class AppSec programs. Consider security early In early planning phases, ensure secure architecture and design and conduct threat modeling… READ MORE
- Beyond Scanning: Don’t Let AppSec Ignorance Become Negligence
In recent months, as I’ve worked with more and more prospects and customers, I’ve started to see an interesting trend: As more agile dev teams become responsible for their own security posture, they are relying on the operations team to “plug an AppSec tool” into their CI/CD pipeline to resolve their AppSec. While I agree with the sentiment that security needs to be embedded in the build process… READ MORE
You wouldn’t be very effective if you didn’t prioritize your to-do list. Treating “prep for board meeting tomorrow” and “organize in-box” with the same level of urgency would slow you down at best, seriously impact your job performance at worst. Similarly, neglecting to prioritize your application security “to-do list” will slow your progress, or prevent it altogether. Even the best application… READ MORE
- Application Security Policy: Might Need to Revisit as DevOps EmergesNovember 6, 2017 | Managing AppSec
I’ve worked in program management at Veracode for the past six years, and during that time, I have seen a lot of different approaches to deploying AppSec policies. Typically, the security team (CISO/CIO led) deploys an AppSec policy that applies to developers and engineers. However, with the rapid change in the ways software is developed and released, most of the security policies that were… READ MORE
- What Makes an AppSec Program Successful: A Program Management PerspectiveNovember 30, 2016 | Managing AppSec
I have spent the entirety of my career in the area of services management and delivery, specifically around compliance, risk and security. I have had the good fortune of seeing over 1,300 program deployments across all size companies spanning every industry. Today, I am the Director of Program Management at Veracode, working to help customers successfully adopt Veracode’s solutions. I wanted to… READ MORE
Application Security Tool Kit
Love to learn about Application Security?
Get all the latest news, tips and articles delivered right to your inbox.
No thanks, back to the article please.