A video of a talk I gave at LASCON last year has made it online, and some folks may find it interesting. I rarely give public talks, but I felt this information would have been useful to learn earlier in my career. Basically, it goes through problems I've had to deal with while building out appsec programs at companies such as eBay, PayPal, Workday, and others. I list each problem, provide real-world examples of it (war stories), and describe the solutions I found to be helpful.
Abstract: Adding security to the development process relies heavily on the developers' own processes, which can make implementing a software security program difficult. This talk covers common challenges when building a software security program, tips and tricks for addressing them, and the expectations you'll need to set in order to improve the security of your company's software.