Agile + DevOps East 2019 - DevSecOps Summit Session | TechWell


Agile + DevOps East 2019 - DevSecOps Summit Sessions

Friday, November 8

Chris Wysopal

Shifting Security Left: Where to Start

Friday, November 8, 2019 - 8:45am to 9:30am

Equipped with this guidance you can begin to make the changes that will transform application security into a responsibility that is shared by development and security and that continues once applications are in production and operation. By shifting security left, you unburden your security team, empower your developers to write better code…


Rome Wasn't Built in a Day...and Neither is Your DevSecOps

Friday, November 8, 2019 - 9:30am to 10:00am

DevSecOps is about more than just the tools – it is an organizational, operational, and strategic transformation. So, as a “thorough or dramatic change in form or appearance” across the three main pillars of an organization, how can we expect a DevSecOps transformation to take place overnight? Taking lessons from process transformations throughout history, attendees will learn how to evaluate their current DevSecOps maturity and understand the key tools and processes that will help their organization ascend the DevSecOps maturity curve, through achievable milestones and stages.


Building Trust Between Security and Development to Accomplish Culture Change

Friday, November 8, 2019 - 10:00am to 10:30am

DevSecOps empowers engineering teams to take ownership of how their product behaves in production, including security aspects. The primary goal of a DevSecOps initiative is to get development teams to shift their mindset and adopt security practices in their daily activities. However, this can only happen with healthy collaboration and mutual trust between development and security teams. Larry Maccherone can show you how. Larry will discuss how to effectively build trust between developers and security personnel to facilitate a successful DevSecOps program. He will present a proven "Trust...

Tom Stiehm
Coveros, Inc.

Panel Discussion: Effective Integration of Tooling into DevOps

Friday, November 8, 2019 - 11:00am to 11:45am

Integrating security tools into a DevOps pipeline is about more than just dropping them into a test environment. It’s about putting them where the business return is greatest and where fast feedback can be gathered, and about picking the right tools for the job. Join DevSecOps experts as they discuss and debate the merits of SAST, DAST, IAST, and RAST tools for your pipeline. Learn about the pros and cons of each type of security testing and how to choose the right tools for your needs. Hear how various organizations have gotten started with DevSecOps tooling and learn tips and tricks for implementing...

Jeff Williams
Contrast Security

Taking DevSecOps To The Next Level - Cutting Edge Tools for your Pipeline

Friday, November 8, 2019 - 12:45pm to 1:30pm

DevSecOps is so much more than forcing developers to use legacy scanning tools. In this talk, we will discuss a continuous, effective, and scalable DevSecOps pipeline using free cutting-edge tools. We'll discuss and show IAST (Interactive Application Security Testing) to accurately pinpoint vulnerabilities in both custom code and libraries in real time without scanning. We'll discuss and show RASP (Runtime Application Self-Protection) in production to gain visibility into application attacks and to prevent vulnerabilities from being exploited. And we'll discuss how to integrate the results...

Gene Gotimer
Coveros, Inc.

A Practical Approach to Building Security In

Friday, November 8, 2019 - 1:30pm to 2:00pm

The release date is a week away. Development is complete. The code works, and everything looks good. Marketing is ready with the media blitz. Our customers are waiting to get their hands on the new features and are sure to give us good feedback. The only step left is to get the security group to scan the application and give us the approval to release. Cross your fingers - let’s hope we get the green light! Otherwise, I don’t know what we are going to do. DevOps, and more importantly, DevSecOps, promises to do away with rolling the dice at the end and hoping we are allowed to release what...


The Hammer, the Carrot & the Olive Branch: Ways Security Makes Wins... And Friends with Devs

Friday, November 8, 2019 - 2:15pm to 2:45pm

DevSecOps can be a beacon of hope. Rather than engaging in seemingly futile battles, there are paths to achieving unified wins for devs, ops, compliance—and security. But different situations call for different tools—both technical and social. Join Julie Tsai as she provides realistic examples of things that may have (or not) worked. Mileage may vary.

Tom Stiehm
Coveros, Inc.

Panel Discussion: Getting Development and Security To Work Together

Friday, November 8, 2019 - 2:45pm to 3:30pm

DevSecOps is all about getting security teams, practices, processes, and tooling integrated into your DevOps process, but getting a cross-functional team that includes security in place is often difficult. Join DevSecOps practitioners in exploring the best ways to get security groups and personnel involved in day-to-day DevOps teams. Learn what role security personnel play in Sprint activities and how to remove compliance from being an end-of-lifecycle hurdle. Hear how leading organizations successfully shift security left and tips and tricks for getting started.