Caroline is the Chief Strategy Officer at Cobalt, a pentest as a service company where she oversees security, people, and community. She began her career in InfoSec fifteen years ago, leading security teams at eBay and Zynga. Caroline also hosts the Humans of InfoSec podcast and teaches cybersecurity courses on LinkedIn Learning. She is the author of popular textbook, Security Metrics: A Beginner's Guide.Follow on LinkedIn: https://www.linkedin.com/in/carolinewmwong/Follow on Twitter: https://twitter.com/CarolineWMWongConnect over Email: [email protected] in this InterviewTop security issues are misconfigurations, leverage machines, and humans in the right ways for an effective application security programThe discipline of Application Security (#AppSec) has a mature model for measuring maturity that is the BSIMMTopics Reviewed: * Her path into security, from dance to engineering to IT to security * Published a textbook on Security Metrics with McGraw-Hill.* AppSec and her work with BSIMM Framework* Improving AppSec Culture * Her thoughts on OWASP Top 10* Insights from dataset from 2,500+ Penetration Tests* How to hire better in CybersecurityFavorite Quotes:“Find the common group, appsec and engineers have different priorities” Reference:* Caroline Wong’s Wikipedia Page: https://en.wikipedia.org/wiki/Caroline_Wong* Humans of InfoSec Podcast: https://podcasts.apple.com/us/podcast/humans-of-infosec/id1353458440* Security Metrics, A Beginner's Guide by Caroline Wong: https://www.amazon.com/dp/0071744002/ref=cm_sw_r_tw_dp_x_KbJLFbTD1FYY8* BSIMM - Observable Model of Application Security - http://bsimm.com/COBALT The State of Pentesting: 2020 - https://resource.cobalt.io/the-state-of-pentesting-2020