Session Details

Building An AppSec Program From The Ground Up: An Honest Retrospective

Presented by: John Melton
Time: Friday, Jan. 11, 4:00 PM - 5:00 PM

This talk will cover the lessons learned from a 2-year journey starting an appsec program at a small-to-medium-sized, DevOps-driven company that previously had no security program. This will be an honest look at what worked, what didn't work, as well as a follow-up analysis. There will be plenty of stories, common sense perspective, as well as discussion around goal-setting and execution. This will be the talk I wish I had two years ago when I was starting this adventure.

From this talk, you'll walk away with:

* honest assessments of "best practices" and how they apply to security in DevOps environments (and a call to action to think critically about best practices!)
* recommendations of how to set up a DevOps-oriented security program
* practical ideas on where to spend time and what to delay
* some entertainment at the expense of some of my failures in learning these lessons

Room: Aloeswood / Leopard Wood
Tags: Security
Level: Intermediate