“Shift Left” and automation have turned from ideals to meaningless buzzwords. Instead of riding the hype train, let’s get real and cover practical and real-world examples taken from actual product security successes. Not every business is the same, neither will their DevSecOps program.
In this talk, I’ll cover the fundamentals of common to successful DevSecOps programs as well as a grab bag of useful techniques to consider. These are lessons learned doing AppSec at a wide variety of companies including Rackspace, Pearson, a fortune 500 financial, Duo Security and Cognizant Healthcare. Bruce Lee said “Research your own experience. Absorb what is useful, reject what is useless, add what is essentially your own”. The goal of this talk is to provide you with enough examples to build your own pragmatic and practical DevSecOps program or maybe absorb a new technique or two into your existing program.
Matt Tesauro is a DevSecOps and AppSec guru with specialization in creating security programs, leveraging automation to maximize team velocity and training emerging and senior professionals. When not writing automation code in Go, Matt is pushing for DevSecOps everywhere via his involvement in open-source projects, presentations, trainings and new technology innovation.
As a versatile engineer, Matt’s background spans software development (primarily web development), Linux system administration, penetration testing and application / cloud security. He thrives on tackling technical problems, but his economics background gives him a unique understanding of business constraints and incentives around security initiatives.
Currently, Matt is CTO of DefectDojo Inc. Previously, he rolled out AppSec automation at USAA and founded 10Security. Early in his career, Matt served as Director of Community and Operations at the OWASP Foundation, Senior AppSec Engineer at Duo Security, Senior Software Security Engineer at Pearson and Senior Product Security Engineer at Rackspace.