Resources for Secure Software Engineering from Security Compass

Case Study: The Falling Stock of Appsec

By Rohit Sethi on May 5, 2009, about: security scenarios

Jamie Rockhill* is the director of information security at DG&S, a medium-sized Manhattan-based financial services company. In the past twelve months some of the firm’s largest clients have either been acquired or have filed for bankruptcy protection. Although not as hard hit as some of its Wall Street peers, DG&S is anticipating a 20% loss against the previous year’s earnings. The firm is facing a major restructuring and there is an across-the-board freeze on any training expenditures or major IT projects. Indeed, any expense over $1,000 requires Executive VP sign-off.



Security Scenarios

By Tom Aratyn on April 20, 2009, about: security scenarios

So you’ve learned the basics of application security. What happens next? Ongoing education isn’t as clear-cut as taking a single course. Nothing beats real-world experience, but not everyone has the luxury of time to build up experience in application security.

Security scenarios are modeled after the Harvard Business Review Case Studies: they’re real-world scenarios based on actual challenges faced by practitioners on the ground. Each scenario describes a fictional predicament faced by somebody involved in application security. The scenario ends with a challenge: what would you do in this situation? We supplement the scenario with expert opinions from within Security Compass and from real-world practitioners in industry.

Our first scenario involves Jamie Rockhill – a fictional Manhattan information security practitioner who faces a growing set of application security threats while battling a severe financial downturn. Our founder Nish Bhalla and SANS instructor Jason Lam weigh in with their opinions.