Farshad Abasi -- Three Models for Deploying AppSec Resources

Farshad Abasi shares three models for deploying resources within application security teams:The Dedicated AppSec Person Model involves assigning an AppSec person to work with each team. Farshad shares his experience of working with developers and the challenges faced in getting them to understand and implement threat modeling. He also discusses the transition from waterfall to Agile and how it affected threat modeling.The Federated Model: A security consultant attends weekly standups and spri...