DevSecOps Lessons Learned – How to Shift Left & Shift Right?

Spring 2023

As organizations adopt DevOps practices, the need for “security as code” becomes paramount. This session will explore the concept of integrating security into the software development process, with a focus on how to automate the protection of networks through code. Attendees will learn about the benefits of implementing security as code, including increased speed and efficiency, as well as improved collaboration between security and development teams. We will discuss different tools and techniques for automating security, such as using infrastructure as code, vulnerability scanning and penetration testing. The session will also cover best practices for integrating security as code into the software development lifecycle. We will also discuss how to create a culture of security within the organization to ensure that security is integrated into the entire software development process. Whether you’re a network administrator, developer, or security professional, this session will give you the knowledge and skills you need to take your organization’s security to the next level.

Session Outline:
- Overview of the current state of security in DevOps and the importance of incorporating security into the development process
- Discussion of the challenges and best practices for integrating security into the DevOps process
- Examples of how to automate security testing and implement security controls in code
- Q&A session for attendees to ask questions and discuss specific challenges they are facing in their own organizations

Target Audience:
This session is targeted towards IT professionals, DevOps practitioners, security professionals and managers who are interested in learning more about how to integrate security into the DevOps process and improve the overall security of their organization. Attendees should have a basic understanding of DevOps and security concepts.

Speakers:

James is a thought leader in the DevOps and InfoSec communities and a dynamic speaker on software engineering topics ranging from security to development practices. His research, writing, teaching and community building efforts operate at the intersection of DevOps and Security. James founded the Lonestar Application Security Conference and is an organizer of DevOps Days Austin and Serverless Days Austin. He is also the author and co-author of several DevOps and DevSecOps courses at LinkedIn Learning. He served on the Global DevOps Days Board. Seeing the gap in software testing, James founded the open source project, Gauntlt, to serve as a “Rugged Testing Framework.” He is the author of the Hands-on Gauntlt book.

James got his start in technology when he founded a Web startup as a student at University of Oklahoma and since then has worked in environments ranging from large, web-scale enterprises to small, rapid-growth startups. He is a highly sought-out speaker on topics in DevOps, InfoSec, cloud security, security testing and Rugged DevOps.

Matt Tesauro is a DevSecOps and AppSec guru with specialization in creating security programs, leveraging automation to maximize team velocity and training emerging and senior professionals. When not writing automation code in Go, Matt is pushing for DevSecOps everywhere via his involvement in open-source projects, presentations, trainings and new technology innovation.

As a versatile engineer, Matt’s background spans software development (primarily web development), Linux system administration, penetration testing and application / cloud security. He thrives on tackling technical problems, but his economics background gives him a unique understanding of business constraints and incentives around security initiatives.

Currently, Matt is CTO of DefectDojo Inc. Previously, he rolled out AppSec automation at USAA and founded 10Security. Early in his career, Matt served as Director of Community and Operations at the OWASP Foundation, Senior AppSec Engineer at Duo Security, Senior Software Security Engineer at Pearson and Senior Product Security Engineer at Rackspace.

A globally recognized software security expert, Dan Cornell has over 25 years of experience architecting, developing and securing software systems. Previously as a CISO Advisor and Vice President of Product Strategy at Coalfire, Dan worked with customers and industry partners to help solve their challenges in cloud and application security. Prior to its acquisition by Coalfire, Dan was a founder of and the Chief Technology Officer at Denim Group, where he helped Fortune 500 companies and government organizations integrate security throughout the development process. Currently Dan is an investor, advisor, and board member.

Cornell is an active member of the development community and a sought-after speaker on topics of application and software security, speaking at international conferences including RSA Security Conference, OWASP AppSec USA and EU, TEDx, and Black Hat CISO Forum. He holds three patents in the area of software security.
