Pragmatic Approaches to Building Secure Software

In these times of first-to-market pressure, software quality attributes such as security take a back seat. The hacking instances are on the rise, an indication of vulnerable software being shipped. Software deployed on Cloud adds yet another degree of exposure and includes the platform as a vulnerability, not to mention the vulnerabilities of generative AI.

Come join a group of security professionals in a lively panel discussion on the common sense practices that yield a secure software. This will be a broad discussion on secure software development life cycle including shift left processes, vulnerability testing, test tools, and post deployment activities. The panel will also emphasize the importance of the deployment environment. The panelists bring a wealth of experience to the table.

Bhushan Gupta profile pictureModerator: Bhushan Gupta, PNSQC

Bhushan Gupta has been associated with PNSQC since 1999. After spending 10 years in academia, he spent 20 years in the high tech industry as a software developer, quality engineer, productivity manager, and process improvement lead. At present, he is a Web Application Security researcher and speaks at international trade conferences and leads workshops in best practices for secure web application development. You can find more about Bhushan at bgupta.com.


Brian Myers profile picturePanelist: Brian Myers

Brian Myers (PhD, CISSP, CCSK) worked on software development teams for over 20 years before moving to information security. He helped build software at companies such as Borland, Netscape, and WebMD Health Services. While at WebMD he moved into security and became the company's Information Security Director and HIPAA Security Officer. Subsequently he started the first application security team at WorkBoard, a hypergrowth Silicon Valley startup, and then joined Leviathan Security Group as a Senior Security Advisor. Currently Brian works independently under the name SafetyLight LLC helping software businesses in the US and Canada establish effective and compliant information security programs.

Tim Morgan profile picturePanelist: Timothy D. Morgan

Tim Morgan is the founder and CTO of DeepSurface Security , where he designed an innovative risk-based vulnerability management product that helps security teams gain a much deeper understanding of the complex security relationships present in their digital infrastructures.

After beginning his career as a software developer, Tim quickly transitioned to security consulting work, where he spent 15 years in penetration testing, vulnerability research, application security, incident response, and digital forensics research.

In addition to his day-to-day work, Tim has presented his independent research on Windows registry forensics, XML external entities attacks, web application timing attacks, and practical application cryptanalysis at conferences such as DFRWS, OWASP's AppSec USA, BSidesPDX, and BlackHat USA.

Cory Perkins profile picturePanelist: Cory Perkins


Cory Perkins is the CTO at Springbrook Software an industry leader in the local government ERP and Payments software. He has 25 years of experience in the software development industry being a member of development teams, leading development teams, and managing the overall technical strategy. He enjoys all things technical in nature in both his professional and personal life.