Transforming Secure SDLC to Scale in a Continuous Deployment World: Building Roads

Presented at Diana Initiative 2022, Aug. 10, 2022, 5 p.m. (60 minutes)

You probably hear the phrases 'continuous development', ‘continuous deployment’ or ‘CI/CD’ quite often, but they’re often used in ways that make their meanings unclear. In this talk we will go over common industry terms and how [Company X and Company Y] are managing this transition in our development processes while meeting and surpassing our security standards. At the end of the session, the audience will learn/understand: * Common continuous deployment terminology * Techniques to transition from process-based security controls to technical security controls * Avenues for enabling developers to make good security decisions

Presenters:

• Natalya Krecker
• Jeannine Schulz - Relativity
  A math nerd at heart, Jeannine originally sought a career in security because she thought it would be "cool to be a hacker". After quickly discovering she doesn't care for full-time red teaming, she now thrives as an application security engineer at Relativity. Focusing on security communication, Jeannine works to enable engineers to learn about security best practices and make good security decisions. Jeannine is an amateur vexillologist and regularly wins internal awards for her prowess at both slack emojis and meme usage.

Links:

• https://thedianainitiative2022.sched.com/event/15cjh/transforming-secure-sdlc-to-scale-in-a-continuous-deployment-world-building-roads

Similar Presentations:

• AppSec USA 2017 / Practical Dynamic Application Security Testing within an Enterprise
• AppSec USA 2012 / Rebooting (secure) software development with continuous deployment
• Global AppSec - DC 2019 / DevSecOps: Essential Pipeline Tooling to Enable Continuous Security