Securing Code: Lessons, Practices, Advice
- Briana Neal
- 5 years ago
Transcription
1 SESSION ID: SEM-M04C Securing Code: Lessons, Practices, Advice Rob Fry VP of Engineering
2 About Me In Industry for 20+ Years Architecture and Security Automation & Orchestration
3 Agenda Problems With Adding S to SDLC Possible Solutions Emerging Tech Ways To Apply
4 Problems With Adding S To SDLC The People, The Process, The Technology
5 Adding S To SDLC is HARD!?
6 Technology Adoption: Business Decision Making $100 $75 $50 & $25 $ Business Value Employee Value
7 Technology Adoption : Business Value Protect Top-line & Bottom-line Revenue Faster Product to Market Improved Productivity Operational Efficiency
8 Technology Adoption : Employee Value Attracting & Keeping Top Performers Human Capital Feel Empowered To Help Business Ability To Innovate & Have Impact Community Collaboration
9 Technology Adoption : Examples
10 Technology Adoption : Accelerating Convergence Even Faster Adoption!
11 Technology Adoption : Opposing Forces Who Wins? Business & Employee Value? Security Risk
12 Technology Adoption : Opposing Forces Business & Employee Value $ Security Risk
13 Company Culture
14 Company Culture
15 Company Culture
16 Company Culture O N
17 Finding The Uncomfortable Zone
18 Possible Solutions The People, The Process, The Technology
19 Possible Solutions : Technology Convergence! More OSS Security Solutions Than Ever Before Community Supported BurpSuite, Metasploit, Arachni, Etc. Open Source Give Back!
20 Possible Solutions : Technology Convergence! Open Source 3rd Party Vendors
21 Possible Solutions : Technology Convergence! Open Source 3rd Party Vendors Automation
22 Possible Solutions : The People Learn To Code Get Involved In The Community Hire Software Engineers No, They Don't Need To Know Security Build What Vendors Don't
23 Possible Solutions : Make Security 1st Class Citizen =
24 Possible Solutions : Business Driven Approach Learn To Have a Business Conversation
25 Possible Solutions : Business Driven Approach Secure Areas Tied To Business Value
26 Possible Solutions : Technology Convergence! Build Security Here!
27 Possible Solutions : Idea Convergence! Source Build Scan Report Validate Track Continuous Scanning Automation Framework
28 Possible Solutions : Idea Convergence! Source Build Scan Report Validate Track Continuous Scanning Success Automation Framework
29 Possible Solutions : Idea Convergence! Source Build Scan Report Validate Track Continuous Scanning Success Automation Framework
30 Possible Solutions : Idea Convergence! Source Build Scan Report Validate Track Continuous Scanning Success Automation Framework False-positives
31 Possible Solutions : Idea Convergence! Source Build Scan Report Validate Track Continuous Scanning Success Automation Framework False-positives Analyst
32 Possible Solutions : Idea Convergence! Source Build Scan Report Validate Track Continuous Scanning Success Automation Framework False-positives Analyst
33 Emerging Technology The People, The Process, The Technology
34 Emerging Technology
35 Ways To Apply The People, The Process, The Technology
36 Ways To Apply Align With The Business Work The Way Your Software Teams Do Don't Fear Change, Adopt Technology Accordingly Learn To Code & Think Different About Hiring Have Business Conversations
37 Q&A Thanks