Down with the CISO and the abdication of security

Presented at Kernelcon 2023, April 14, 2023, 4:40 p.m. (60 minutes)

An overview of why the enterprises split into operations, development, and security. Why it made sense to split technology up this way, how we were wrong to do it, and what we should do now.  The listener will learn about some semantic issues that development, operations, and security have and how we get out of this mess. The talk is not technical, but we will cover the impact of semantics on the division of technical stacks. Next, we will look at real-world misses and why the abdication of security creates issues and see how these misses cause deeper long-term problems. Finally, the listener will learn how we get back to a place where security operations and development work together in big companies. The listener will learn to recover from this split through some tools and practices, how tools should be used across roles and silos, and why communication with a new set of semantics would be a good idea.

Presenters:

• Nathan Case - Datadog
  Nathan Case is a successful executive and builder, pushing for change in security and the culture surrounding it. Leading strategic initiatives and the creation of new technologies in the healthcare, information technology and cloud industries, focusing on security. A passion for Incident Response, and operational security in all forms.

Similar Presentations:

• Wild West Hackin' Fest 2018 / What Could It Hurt: How Framework and Library Dependence is Weakening our Development
• AppSec USA 2015 / Security as Code: A New Frontier
• DeepSec 2015 „DeepSec No. 9“ / Have We Penetrated Yet??