David Jorm
[Commonwealth Bank of Australia]
David has been involved in the security industry for the last 20 years.

During this time he has found many high-impact and novel vulnerabilities, handled security response for dozens of open source projects, led a Chinese startup that failed miserably, and wrote the core aviation meteorology system for the southern hemisphere.

For the last 8 years he has managed technical security teams, and is currently leading the product security function for Commonwealth Bank.

Product Security: bringing Silicon Valley to security assurance at a big 4 bank

Product security is a cross-disciplinary effort to improve the security of software products, respond to vulnerabilities and incidents, and embed automation of security assurance controls into the delivery pipeline. It spans policy, consulting, automation, software engineering, and vulnerability research.

Most large Silicon Valley software companies have a product security function, but the concept has not spread widely to more traditional corporate environments, where the function is fragmented between teams covering penetration testing, application security, and vulnerability management.

Many large corporate environments, such as banks, have a division of the company that is essentially a mini tech company, producing their in-house software assets. This talk will explore an effort over several years to build and embed a product security function within the in-house development division of Commonwealth Bank, one of the largest corporate environments in Australia.

It will look at the challenges of defining the function, establishing boundaries between other teams and functions, and maintaining compliance with the complex regulatory environment of a financial institution.
