Allianz Direct is part of the Allianz Group and we see ourselves as a technology company with an insurance license. As a direct to consumer insurance provider with exclusively digital sales channels, Product Security is a critical priority for Allianz Direct.

Strongly leveraging public cloud and open source, vulnerability management became overwhelming for us. Up to multiple thousands of critical vulnerabilities in just one product seem insurmountable to most Product Teams and undercuts the credibility of the security function.

During this talk I will show how we built an automated prioritization engine that leverages the benefits of cloud-native applications to identify only the most critical and exploitable vulnerabilities, reducing our most critical vulnerabilities from >10,000 to around 50.

Furthermore I will go into the people and process transformation we went through to improve accountability for fixing vulnerabilities, as well as measuring our improvements over time.

This approach helped us start with the most critical vulnerabilities and establish a continuous improvement process to significantly improve the security of our products.

Biographie: Anton Göbel is CISO and Head of Protection & Resilience at Allianz Direct. His first priority is helping the organization achieve its goals by making security a credible partner and enabler of its digital transformation.

In his role he has responsibility for all areas of Information and Corporate Security, as well as several areas of IT Strategy and GRC.

Prior to his current role he was working in different advisory firms in the areas of Cyber Security Strategy and Resilience.

Anton is especially passionate about diversity in technology and using the responsibility of leadership to uplift his team members.