Shawn Drew

Shawn Drew has spent the last five years helping businesses understand the difference that technology can make for their internal processes, external connections, and bottom line. He specializes in all things cloud computing and security, and hopes to impart some knowledge on how the two can be combined to enhance the inherent benefits of each. His work has been published on the websites and blogs of a number of technology industry leaders, such as IBM, CA Veracode and Boundary.
Posts by Shawn Drew

How DevOps and an Agile Methodology Can Alter Security Integration

August 9, 2015  | Secure Development

Security controls and tests have never been the easiest things to incorporate in the software development lifecycle (SDLC) — but as application security grows in importance, some changes in the way software gets made are making security integration more difficult than ever. The Agile methodology, especially when combined with a DevOps paradigm, embraces speed, making it much harder to get... READ MORE

Internal Security Begins With Smart Policies

August 6, 2015  | Intro to AppSec

External threats seem to be getting all the attention in InfoSec these days, but they only represent one aspect of the overall threat every enterprise faces. Internal threats can be just as damaging and much more difficult to detect — which means every CISO has to consider internal security when designing an overall plan for his or her business. While there are a number of positive steps to... READ MORE

Anatomy of a Breach: Preparing for the Inevitable

July 14, 2015

Attacks have reached a level of both inevitability and sophistication that legacy security solutions simply can't handle, meaning application security has never been as important as it is right now. Preventing a breach begins with understanding how nefarious attackers are getting in, comprehending the cyber kill chain and its ramifications, and then preparing each stage in this chain for an... READ MORE

Secure Coding Is Required When Attacks Are Inevitable

July 1, 2015

With everything on a CISO's plate, preventing and reacting to external attacks has usually been done on a contingency basis, with a reliance on existing security to keep hackers away and the hope that a directed attack doesn't occur. But today, a majority of security professionals expect their businesses will be hacked in the coming year. That means CISOs have to change their approaches... READ MORE

IoT Apps Pose a Security Risk for Developers

June 11, 2015

The Internet of Things (IoT) holds great promise for the future of technology, but it also presents considerable risk for users. Today's waves of Internet-enabled devices — and the applications they run — are designed to be as inexpensive as possible. But sometimes, those savings come at the cost of security. Going forward, developers working on IoT apps and devices have to keep... READ MORE

New Gartner Report Highlights the Trend Toward DevOps

June 3, 2015  | Secure Development

Revolutionary advances such as the cloud, advanced analytics and expanding mobility have brought no small amount of change to IT departments around the world, as IT and project managers struggle to keep up with an increasingly demanding and nimble user base. In response to the need for a more agile transition between development and operations, these two traditionally siloed aspects of IT are... READ MORE

Branded Vulnerabilities May Change Enterprise Security

June 1, 2015  | Security News

For as long as malware, viruses and assorted vulnerabilities have existed, the most significant among them have been given names by the media. Lately, however, the practice of naming security flaws has evolved, building into a legitimate branding campaign for issues found in existing software. While seemingly benign, the practice of branding security issues may affect the way these flaws are... READ MORE

Target Data Breach Settlement Provides Takeaways for Other Businesses

May 18, 2015

After the 2013 data breach of Target's retail systems, which exposed the customer records of over 70 million customers, some of those affected filed a class-action lawsuit against the company. Target recently settled that lawsuit, putting aside a substantial sum of money, and became a rare example of a data breach victim that had to pay damages. This lawsuit should be seen as a warning to... READ MORE

Application Security Should Be the Top Focus for CISOs

May 11, 2015

With everything a modern enterprise CISO has on his or her plate, it can be difficult to find the proper prioritization to ensure the best available business security. Application security hasn't traditionally been prioritized over other security-related tasks, such as password controls and employee education, but new research shows applications — especially web applications — may... READ MORE

As Security Software Is Wasted, Establishing a Secure Development Process Is Crucial

May 6, 2015

Investing in security software is one of the wisest decisions business leaders can make, given the rampant growth in hacking and data theft over the past few years. But new research shows a significant portion of purchased security-related software is simply going to waste. Armed with this knowledge, every developer should establish a secure development process — or risk taking the blame when a... READ MORE
