Five Keys to Building an Application Security Program in the Age of DevOps

Presented at BSidesSF 2017, Feb. 13, 2017, 11:30 a.m. (30 minutes)

Security's goal of minimizing enterprise risk sometimes seems to be at odds with development's mandate for change. In reality, there is a middle path that can allow development to deliver more secure code at DevOps speed, but it requires security to adapt to the principles that have proven successful for DevOps.

Presenters:

• Tim Jarrett - Director, Enterprise Security Strategy - Veracode
  Tim Jarrett is Senior Director of Security Strategy at Veracode, responsible for leading go-to-market strategy for Veracode's automated application security risk management service. He has previously led teams at iET Solutions and Microsoft. Tim was also Principal at American Management Systems, where he acted as a development lead on a major US Department of Defense software contract. Tim has authored the Veracode State of Software Security Report and is a regular contributor of articles specializing in DevOps and secure software development. He graduated from the University of Virginia and has an MBA from the MIT Sloan School of Management.

Links:

• https://bsidessf2017.sched.com/event/9ILY/five-keys-to-building-an-application-security-program-in-the-age-of-devops

Similar Presentations:

• AppSec USA 2016 / Lightning Talk - Application Security in a DevOps World: Three Methods for Shifting Left
• AppSec USA 2016 / Glad You Could Join Us: Bringing Security into the DevOps Fold
• AppSec USA 2016 / Moving to the Left: DevOps practices and the changing role of SecOps