Wednesday 

Room 2 

10:20 - 11:20 

(UTC+01

Talk (60 min)

Using developer-centric data to predict, prioritize, and improve Application Security Outcomes

Most application security programs and initiatives stem from the security team and are passed to development teams. They are born outside the constraints and realities under which software is built. More often than not, these initiatives encounter resistance, friction, or challenges that impact their sustainability and effectiveness, particularly when applied to larger development organizations.

Security
Big Data
People

These challenges are visible when reviewing the progress and evolution of DevSecOps approaches over the past ten years and how our teams have reverted to more siloed approaches despite the solid intentions and patterns defined within the DevSecOps concept.

Using data about our software teams, their behaviors, lifecycles, and projects, can we identify which application security initiatives to implement first and which are most likely to succeed and improve overall outcomes? In addition to this, can taking a developer-centric view of these programs encourage meaningful collaboration between security and software teams based on shared contextual understanding?

Laura Bell

With over twenty years of experience in software development and information security, Laura Bell Main specializes in bringing security into organizations of every shape and size.

She is the co-founder and CEO of SafeStack, an online education platform offering flexible, high-quality, and people-focused secure development training for fast-moving companies, focusing on building security skills, practices, and culture across the entire engineering team.

Laura is an experienced conference speaker, trainer, and regular panel member and has spoken at various events such as BlackHat USA, Velocity, and OSCON on the subjects of privacy, covert communications, agile security, and security mindset.

She is also the co-author of Agile Application Security and Security for Everyone.