Threat Modeling - A Disaster Story with Edwin Kwan
Episode Synopsis
We continue the "Epic Failures in DevSecOps" series by speaking with Edwin Kwan on his chapter, "Threat Modeling - A Disaster Story". Edwin is Application and Software Security Team Lead at Tyro Payments. In our discussion, we talk about the three things he learned through his "Epic Failure":
-- Demonstrate value at the buy-in
-- Get early feedback
-- Automate as much as possible
During our discussion, we talk at length about the role of security and how to begin implementing automation at the earliest stages of the development process.
About Edwin Kwan
Edwin Kwan is the Application and Software Security Team Lead for a bank. His approach toward application and software security is to raise security awareness, provide light-touch controls to the software development life cycle to increase visibility of security issues, and work closely with engineering teams to quickly develop secure applications.
Edwin started out as a software engineer and transitioned into the application security role to lead a range of security initiatives when the company was working towards obtaining an unrestricted banking licence.
As a Software Engineer, he has over a decade of experience developing large-scale, real-time, high-performance, high-reliability software applications for major telecommunication vendors. He is also experienced in working with stakeholders from small to large organisations to design and develop innovative solutions to help manage and grow their business.