Shift left, shift right, or run security right through the middle?

Presented at Global AppSec - DC 2019, Sept. 12, 2019, 11:30 a.m. (45 minutes)

With software security blunders making headlines and businesses under increasing pressure to deliver software faster, development and security teams have been tasked with devising a strategy to satisfy demands for more secure software and more rapid application development. These combined forces have led to the emergence of DevSecOps, which represents a shift in IT culture to accommodate the growing need for both security and speed. However, security teams want to shift left, development teams want to shift right, and Ops teams want testing throughout all phases of the development cycle (in other words, continuous testing). This leaves us with a lot of options and little guidance. What’s the best approach? This talk will examine how your organization can inject security testing at the right time, at the right depth, by using the right tools, by defining the right processes, and with the right people. In this way, you can achieve continuous testing rather than testing without a clear strategy in place.

Presenters:

  • Meera Rao - Synopsys, Inc
    Ms. Meera Rao works as a Senior Principal Consultant and the Director of DevSecOps Practice at Synopsys, Inc. She has over 20 years of experience in software development organizations in a variety of roles, including Architect, Lead Developer, Project Manager, and Security Architect. Meera has overseen and performed secure code reviews, static analysis implementations, architectural risk analysis, secure design reviews and threat modeling of systems ranging from a few thousand lines of code to tens of millions of lines of code (Java, JEE, .Net, Rails, Grails, and C/C++). Ms. Meera has been working as a trusted adviser to Fortune 500 companies, helping them achieve realistic goals for Practical CI/CD & DevSecOps. She advises organizations in defining, implementing, maturing, scaling and measuring DevSecOps. Meera was awarded the SecDevOps Trailblazer award from SecuritySerious in London. Ms. Meera is very passionate about getting more women working in the technology industry. Ms. Meera participates, presents and speaks at several conferences, spreading her knowledge of security, DevSecOps and the importance of women in the technology workforce.
