Agile + DevOps East 2019 - Agile Leadership Summit | TechWell


DevSecOps Summit

Friday, November 8, 2019 • 8:30am-3:45pm

Why is learning about DevSecOps vital to you and your role? In the past few years, security integration within the DevOps pipeline has given rise to the idea of DevSecOps. Once seen as the bottleneck and inhibitor of the development and deployment process, security has become an integral part of the movement towards automation and the removal of manual oversight enforcement. As stated in the DevSecOps Manifesto, “We must adapt our ways to ensure data security and privacy issues are not left behind because we were too slow to change.” 

At the DevSecOps Summit, you’ll hear stories from practitioners in the field who are pushing forward with the idea of creating a secure application development pipeline, with security integrated from conception to deployment. They will explain how they made the cultural transformation from legacy development and deployment processes to integrated systems that include security as a part of the process, not as an overseer or bottleneck to secure application development. This series of first-person talks will give you an ideal perspective on how you and your team can enable faster application development with more rapid deployment to production while integrating security into your DevOps initiatives.

Registration is free for conference attendees (simply "add-on" to any conference package), but you must reserve your seat in advance. Complimentary breakfast and lunch included for Summit registrants.







Friday, November 8

Welcome & Opening Remarks—8:30am–8:45am

Friday, November 8, 2019 - 8:30am to 8:45am
Chris Wysopal

Shifting Security Left: Where to Start

Friday, November 8, 2019 - 8:45am to 9:30am

Equipped with this guidance you can begin to make the changes that will transform application security into a responsibility that is shared by development and security and that continues once applications are in production and operation. By shifting security left, you unburden your security team, empower your developers to write better code…

Rome Wasn't Built in a Day...and Neither is Your DevSecOps

Friday, November 8, 2019 - 9:30am to 10:00am

DevSecOps is about more than just the tools – it is an organizational, operational, and strategic transformation. So, as a “thorough or dramatic change in form or appearance” across the three main pillars of an organization, how can we expect a DevSecOps transformation to take place overnight? Taking lessons from process transformations throughout history, attendees will learn how to evaluate their current DevSecOps maturity and understand the key tools and processes that will help their organization ascend the DevSecOps maturity curve, through achievable milestones and stages.

Building Trust Between Security and Development to Accomplish Culture Change

Friday, November 8, 2019 - 10:00am to 10:30am

DevSecOps empowers engineering teams to take ownership of how their product behaves in production, including security aspects. The primary goal of a DevSecOps initiative is to get development teams to shift their mindset and adopt security practices in their daily activities. However, this can only happen with healthy collaboration and mutual trust between development and security teams. Larry Maccherone can show you how. Larry will discuss how to effectively build trust between developers and security personnel to facilitate a successful DevSecOps program. He will present a proven "Trust...

Tom Stiehm
Coveros, Inc.

Panel Discussion: Effective Integration of Tooling into DevOps

Friday, November 8, 2019 - 11:00am to 11:45am

Integrating security tools into a DevOps pipeline is about more than just dropping them into a test environment. It’s about putting them where the business return is greatest. Where fast feedback can be gathered. Picking the right tools for the job. Join DevSecOps experts as they discuss and debate the merits of SAST, DAST, IAST, and RASP tools for your pipeline. Learn about the pros and cons of each type of security testing and how to choose the right tools for your needs. Hear how various organizations have gotten started with DevSecOps tooling and learn tips and tricks for implementing...

Jeff Williams
Contrast Security

Taking DevSecOps To The Next Level - Cutting Edge Tools for your Pipeline

Friday, November 8, 2019 - 12:45pm to 1:30pm

DevSecOps is so much more than forcing developers to use legacy scanning tools. In this talk, we will discuss a continuous, effective, and scalable DevSecOps pipeline using free cutting-edge tools. We'll discuss and show IAST (Interactive Application Security Testing) to accurately pinpoint vulnerabilities in both custom code and libraries in real time without scanning. We'll discuss and show RASP (Runtime Application Self-Protection) in production to gain visibility into application attacks and to prevent vulnerabilities from being exploited. And we'll discuss how to integrate the results...

Gene Gotimer
Coveros, Inc.

A Practical Approach to Building Security In

Friday, November 8, 2019 - 1:30pm to 2:00pm

The release date is a week away. Development is complete. The code works, and everything looks good. Marketing is ready with the media blitz. Our customers are waiting to get their hands on the new features and are sure to give us good feedback. The only step left is to get the security group to scan the application and give us the approval to release. Cross your fingers; let’s hope we get the green light! Otherwise, I don’t know what we are going to do. DevOps, and more importantly, DevSecOps, promises to do away with rolling the dice at the end and hoping we are allowed to release what...


The Hammer, the Carrot & the Olive Branch: Ways Security Makes Wins... And Friends with Devs

Friday, November 8, 2019 - 2:15pm to 2:45pm

DevSecOps can be a beacon of hope. Rather than engaging in seemingly futile battles, there are paths to achieving unified wins for devs, ops, compliance—and security. But different situations call for different tools—both technical and social. Join Julie Tsai as she provides realistic examples of things that may have (or not) worked. Mileage may vary.

Tom Stiehm
Coveros, Inc.

Panel Discussion: Getting Development and Security To Work Together

Friday, November 8, 2019 - 2:45pm to 3:30pm

DevSecOps is all about getting security teams, practices, processes, and tooling integrated into your DevOps process, but getting a cross-functional team that includes security in place is often difficult. Join DevSecOps practitioners in exploring the best ways to get security groups and personnel involved in day-to-day DevOps teams. Learn what role security personnel play in Sprint activities and how to remove compliance from being an end-of-lifecycle hurdle. Hear how leading organizations successfully shift security left and tips and tricks for getting started.