CypherCon 2025
Creating an Application Security Program
Ken Kazinski
Abstract:
An effective application security program can result in fewer production issues, less rework, and fewer security issues. Creating an application security program is a daunting task: not only do you have to get management on board, but, more importantly, you have to get the development teams' buy-in. In this talk we'll discuss who, besides the development teams, is needed to make the program successful, as well as the types of testing and when each should be done during the development lifecycle.
Importance: Security is not normally listed as a feature that the development teams need to implement. As the application security champion/manager you must remember that the development teams are evaluated on the number of features they complete, not the number of security features they implement. Avoiding rework on production issues caused by security problems not only saves time but also reduces overall development costs. Having a complete application security program, from requirements through post-production testing, improves code quality, reduces security risks, and contributes to an organization's overall software development maturity and cybersecurity program level.
Ken Kazinski
Abbott Laboratories Application Security Management
Ken Kazinski is the manager of Abbott Laboratories Application Security Management team and has over twenty years of experience in the field of cybersecurity. His current cybersecurity focus is in application security, which is enhanced with his substantial knowledge of system security in both government regulated and non-regulated industries. These environments have provided him with a deep contextual understanding on the impact of security in a variety of organizational environments. In his role at Abbott, Ken provides leadership, program vision, and integration guidance on attack surface areas, including Threat and Vulnerability Management, Application Security, Cloud Security, Mobility, and Brand Reputation.
As an Air Force veteran with a Master of Science in Cybersecurity, Ken has used both his professional and educational experience to create critical application security programs at multiple Fortune 100 companies. Prior to joining Abbott, Ken managed application security for Johnson Controls, Power Solutions division. His professional and military experience has provided him with the opportunity to work and live in multiple countries around the world.