DevSecOps State of the Union

Presented at BSidesSF 2019, March 4, 2019, 3:30 p.m. (30 minutes)

Many companies have shared their lessons learned in scaling their security efforts, leading to hundreds of blog posts and conference talks. Sharing knowledge is fantastic, but when you're a busy AppSec engineer or manager struggling to keep up with day-to-day requirements, it can be difficult to stay on top of or even be aware of relevant research. This talk will summarize and distill the unique tips and tricks, lessons learned, and tools discussed in a vast number of blog posts and conference talks over the past few years and combine it with knowledge gained from in-person discussions with AppSec engineers at a number of companies with mature security teams.

Topics covered will include:

  • Principles, mindsets, and methodologies of highly effective AppSec teams
  • Best practices in developing security champions and building a positive security culture
  • High value engineering projects that can prevent classes of bugs
  • How and where to integrate security automation into the CI/CD process in a high signal, low noise way
  • Open source tools that help with one or more of the above

Attendees will leave this talk with an understanding of the current state of the art in DevSecOps, links to tools they can use, resources where they can dive into specific topics of interest, and most importantly an actionable path forward for taking their security program to the next level.

Presenters:

  • Clint Gibler - NCC Group
    Clint Gibler is a research director at NCC Group, a global information assurance specialist providing organizations with security consulting services. He’s helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies ranging from large enterprises to new startups. Clint is also a co-founder of Practical Program Analysis, LLC, a boutique security firm that builds tools to make application security teams more efficient and effective. Clint has previously spoken at conferences including BlackHat USA, AppSec USA, and AppSec EU. Clint holds a Ph.D. in Computer Science from the University of California, Davis.
