AppSec in a DevOps World


Security has typically been done at the end of the development cycle, if it’s done at all. This has all of the same side effects as testing quality just before shipping, namely surfacing work and risk at the worst possible time. DevOps is forcing development teams to re-think their accountability. Not only are they responsible for functional quality, but now they must also operationalize their software. I assert that they should also be accountable for security. They should treat security findings as equal citizens to their functional defects. Software written without security in mind opens a company up to brand damage and the costs associated with breaches. This will reflect directly on the teams that built the software.

How can DevOps teams add security to DevOps without losing velocity? In this session, Peter Chestna, Director of Developer Engagement, discusses how security is typically bolted on to the development process as well as the pressures on DevOps teams. He will then provide practical strategies to integrate security successfully into the SDLC while maintaining the velocity necessary to realize the benefits of DevOps.

What you will learn:
1. Why application security (AppSec) is important
2. Why traditional approaches don’t work
3. How to add security into DevOps while maintaining velocity
4. What to measure as leading indicators of success

Speaker

Peter Chestna

As Director of Developer Engagement at Veracode/CA, Pete provides customers with practical advice on how to successfully roll out developer-centric application security programs. Relying on more than 10 years of direct AppSec practitioner experience as both a developer and development leader, Pete provides information on best practices amassed from personal experience in addition to working with Veracode’s 1,000+ global customers. From his experience as both a practitioner and consultant, Pete has spoken internationally at both security and developer conferences on the topics of Application Security (AppSec), Agile and DevOps.

Pete joined Veracode in 2006 as a software developer and was instrumental in delivering the first version of Veracode’s service to customers. Later, as Director of Platform Engineering, Pete built and managed the Agile teams responsible for delivering Veracode’s SaaS platform. He also built the first DevOps team to deliver microservices.

Pete has more than 25 years’ experience developing software and has been granted 3 patents. He has been developing web applications since 1996, including one of the first applications to be delivered through a web interface. In his spare time, he enjoys listening to Rush, drinking whiskey and programming on the Arduino platform.