Speaker

Rob Cuddy

Global Application Security Evangelist

Irvine, California, United States

Rob is currently an Application Security Sales Evangelist for HCL. Rob joined HCL recently as part of an acquisition from IBM. Prior to this role, Rob was with IBM for 14 years, with the most recent role of Worldwide Application Security Evangelist. In addition to this role, Rob held several other roles in IBM ranging from Rational Field Services to Worldwide Sales Enablement leads for the Management and Platform Segment offerings in IBM Cloud. Rob has worked with clients all over the world to help address their challenges in ways that bring a positive impact to the business bottom line. Rob has spoken at numerous events and conferences, most recently at ADDO 2020 and the Agile+Techwell 2020 DevSecOps Summit, and in past years at IBM THINK, InterConnect, DeveloperConnect, IBM Top Guns and many customer roundtable events. In addition, he has held roles in software services and technical sales enablement. Prior to IBM, Rob spent 13 years with 5 different companies working as a configuration management specialist with an emphasis on Rational tooling. Rob graduated from the University of Southern California with a degree in Aerospace Engineering, and is an avid fan of college football. When not at work, Rob enjoys spending time with his family, serving with his church, running and cycling. You can connect with Rob via Facebook, LinkedIn and Instagram, but the best way is by joining the “Robservatory” on Twitter using the handle @Robservatory.

Area of Expertise

  • Information & Communications Technology
  • Business & Management
  • Government, Social Sector & Education

Topics

  • Application Security
  • devops
  • DevOps & Automation
  • devops security
  • DevOpsCulture
  • Design Thinking
  • Mentoring
  • Business Networking
  • public speaking
  • Teaching
  • sales enablement
  • Junior High
  • Youth Ministry
  • DevSecOps
  • cyber security
  • DevOps Transformation
  • Software Development
  • Leadership development
  • DevOps
  • threat modeling
  • Continuous Improvement
  • continuous security validation
  • Continuous Testing

Go Beyond DevSecOps to Continuous Security

This session discusses the notion of Continuous Security, focusing on the principles and practices around it and especially on how it fits with DevOps and DevSecOps initiatives.

Abstract
Continuous. If you have been around DevOps for any length of time then you have heard this term. As in Continuous Integration, Continuous Build, Continuous Deployment, Continuous Delivery, Continuous Testing, Continuous Planning among others. Now we are living in a time when personal and data privacy matters more than ever, and so one "Continuous" is rising to the forefront: Continuous Security.

But what really IS Continuous Security? Is it simply a notion of running scans and tests as part of a pipeline and reporting vulnerabilities? We think it is much more than that. For years organizations have been good at validating that applications perform the way they are intended to and do what they are supposed to do so that they can be relied upon. But today it is not enough for applications to just be functional - they must be trustworthy. Add in ever-growing regulations like GDPR, CCPA and CPRA and you'll find that if they are not trustworthy, you could face serious penalties or even charges. But how do you achieve and maintain trust? Security has to be of constant paramount importance. Which means it's time for Security to be continuous too.

We will start with a brief view of the current thinking around DevSecOps and how this traditionally just focuses on adding security practices to pipelines. This is a great thing, but it is not enough.

We will then outline our view on Continuous Security and cover 6 key capabilities that we believe are paramount and we will illustrate key facts and ways to know if you are doing them well.

Finally, we will illustrate in detail how these capabilities work together and the benefits that can be realized.

The Road To A Security Evangelist

This session explores the road traveled from an undergraduate engineering degree through many software delivery roles to application security evangelism. It discusses key lessons learned along the way as well as things to avoid in a fun, reflective way. Meant to provide encouragement and ideas to those looking to get more into security.

DevOps Moves Pretty Fast. If You Don't Stop and Secure It Once In a While, You Could Miss It

Abstract:

Remember Ferris Bueller... Bueller... Bueller? Ferris woke up one morning saying "how could I be expected to handle school on a day like this?" and that begins a day filled with seeking adventure. Well, trying to elegantly intersect security with DevOps these days can also leave us feeling a bit like Ferris did about high school that day. But it doesn't have to be. From the iconic opening scene, the infamous Mr Peterson call, Abe Froman - Sausage King of Chicago and more, Ferris provides us with key insights on the impact security can have. Join us as we borrow a few lessons from Ferris to see what we can do to move security from mundane to marvelous.

Avoiding Paranoia: Lessons learned from 3 years of podcasting

The Application Paranoia podcast has been in existence since 2020 and is now in its 4th season. We have had a variety of great guests on a wide range of topics, and this session will share some of the best stories, moments and lessons learned along the way.

Lessons learned from the Application Paranoia podcast. Could be done in a variety of lengths from 15 to 60 minutes. The podcast can be found on all major platforms or at appscan.buzzsprout.com

Building the Next Generation in Cyber

Today's challenges cannot be solved with yesterday's methods. There is a great need for skilled cyber professionals, but few entry-level jobs and places to learn. This session will talk about work I have done with several different universities (University of Southern California, University of Arizona, Arizona State University, and Grand Canyon University) to help in a variety of fashions. Particular attention will be given to work as part of the CHOPS (CyberSecurity Hands On Problem Solving) certification program at Arizona State, and to work done with USC related to their MBV program.

Lessons learned, best practices from work done with universities to address cyber skills gap and increase internship, apprenticeship and entry level hiring.
