Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence

The presentation
GE has established a holistic Application Security Program that seeks to detect, correct and prevent security defects throughout the application lifecycle. The program is focused on finding defects early in the development process and fixing the root cause through company-wide deployment of Guidance, Education, Tools and Metrics. The program's "Center or Excellence" has assessed several thousand applications across different GE business units and has observed, through metrics, a significant improvement in the security of the applications being deployed over the past several years. This presentation analyzes some of the critical success factors for this program and shares key performance indicators that demonstrate how these programs are making a difference in the overall security of source code.

The speaker
Darren Challey is the GE Application Security Leader and is responsible for establishing: policies, procedures, metrics, best practices, guidance, education, services and tools for ensuring that software developed for or by GE is secure. He also chairs a cross-business "Application Security Working Group" that discusses and makes decisions upon the overall vision and direction of the program. Prior to his current role, Darren has occupied many roles at different GE businesses, including: IT Controller at GE Corporate; IT Sarbanes-Oxley Leader, Six Sigma Black Belt and Web Master & Program Manager at GE Commercial Finance; and Electrical, Mechanical & Nuclear Engineer at several GE Energy businesses. After earning his BS degree in Mechanical Engineering from Union College, Darren received a Masters of Engineering, Computer Systems at Rensselaer Polytechnic Institute. Mr. Challey is a Certified Information Systems Auditor (CISA) as well as a Certified Information Systems Security Professional (CISSP).