How a Global French Luxury Company Redefined Application Security

Application security is often reduced to a tool in the CI/CD pipeline that scans code and reports findings.

But according to one AppSec Director at a global French luxury company, that definition misses most of the value.

In this on-demand conversation, an experienced AppSec Director shares how his team approaches application security as a program, not a point solution - integrating risk management, vulnerability management, resilience, and organizational ownership directly into how software is built and operated.

Rather than relying on static severity scores or pre-production scans alone, this approach grounds AppSec decisions in runtime evidence, operational workflows, and real-world risk.

In this session, you’ll hear how a mature AppSec program:

• Expands AppSec beyond CI/CD scanning to include risk management, vulnerability management, and resilience
• Separates real application risk from vulnerability noise using runtime evidence
• Prioritizes issues based on what actually runs, what is reachable, and what attackers touch
• Brings application security into operational workflows, including the SOC and observability platforms like Datadog
• Uses IAST and QA testing together to improve security outcomes while accelerating delivery
• Extends security coverage into production safely when test coverage isn’t complete
• Aligns people, process, and technology to make AppSec work at scale

This is a practical discussion for leaders responsible for securing modern, distributed applications in real organizations.

Speakers:

• Rémi Lavedrine, Application Security Director, Global French Luxury Company

• Jeff Williams, Founder & CTO, Contrast Security