All your code repo are belong to us. What the Solarwinds hack should tell us about the state of software development

Presented at CrikeyCon VII (2021), March 6, 2021, 3 p.m. (30 minutes)

If there's anything that the Solarwinds hack has taught us, it's that our industry needs to look internally and really try to understand WHY developers are not embracing security. Simply saying we need to "shift left" is bullshit hype and means nothing. This talk will lay out the behaviours and workflows that developers use and how those affect the security of the products they build. It will also cover the management and business requirements that encourage developers to build insecure products. I will use public and proprietary data to underpin the arguments and show how things are getting worse instead of better in a public cloud-focused world.


Presenters:

  • Paul McCarty '6mile'
    Paul McCarty has been working in the distributed systems space since 1993, when he took his first job as a Unix sysadmin in the university computer lab. In 1996 he started his own computer store and ISP, and later a consultancy. Fast forward to 2021 and that consultancy has evolved over the years to specialize in deploying security controls at scale, first in the datacenter and later in the public cloud. Paul has contracted for NASA, Boeing, the Queensland government, the US military and many more. Now he nerds out on helping companies adopt real, no bullshit DevSecOps practices as the CTO of SecureStack, one of Forbes magazine's top cybersecurity companies to watch in 2021!