STARWEST 2019 Concurrent Session : Large-Scale DevSecOps: Bringing Security Confidence to Chaotic Development

Conference archive


Thursday, October 3, 2019 - 9:45am to 10:45am

Large-Scale DevSecOps: Bringing Security Confidence to Chaotic Development

Add to calendar

Implementing application security (AppSec) programs on a large scale can often seem chaotic and unwieldy. Without the proper knowledge to implement robust AppSec tools, DevSecOps on a large scale can be overwhelming. And with the countless number of customizable build, task-tracking, and CI integration systems available, many companies don’t know where to begin implementation of DevSecOps. Join Dennis Hurst as he shares the knowledge necessary to wield powerful AppSec tools based on his experience with a variety of large corporate clients. Dennis will discuss common pitfalls and unique challenges with various static, dynamic, threat modeling, and architecture review tools in the DevOps process. You will learn what board members and C-level executives really care about in security, how to identify and track the right key performance indicators and program metrics, and what needs to be implemented before an application should be moved into production. Don’t get lost in the often chaotic world of high-power DevSecOps initiatives—learn how to handle them well so you can appropriately protect your applications.

Saltworks Security

Dennis Hurst is a highly respected security expert with expertise in the area of application security and the integration of security into all aspects of the software development lifecycle. His broad experience in security, application development, product management, and IT operations have given him the knowledge and experience to work with many Fortune 500 companies around the globe implementing successful application security programs. Mr. Hurst has also been influential in many industry organizations, such as the Cloud Security Alliance (CSA), the Open Web Application Security Project (OWASP), and other industry groups. He is a founding member of the CSA, where he cowrote the Application Security section of v1 and v2 of its guidelines.