AppSec is dead. Long live DevSecOps!
Matias Madou at DevSecCon24 2020
In the ancient times of software creation, we had AppSec, and we had developers.
Generally, AppSec was aware of security problems, their impact, and code-level fixes. However, these remedies would rarely work in the custom tech stack of the company. Developers cranked out software features in a fast, functional and reliable way, but also released their code for security review as late as possible. Why? To shorten the AppSec feedback window, ensuring their out-of-context security recommendations would bounce back well after the release window and not halt proceedings. A little dysfunctional, to say the least.
Fast-forward to today, and our demand for software is greater than ever before, as is the risk of data breaches from common vulnerabilities. This fractured process cannot work, and the DevSecOps movement is here to change the game. DevSecOps creates an environment of shared responsibility for security, where developers become responsible for effective deployment, and the lines between AppSec and development teams are increasingly blurred and more collaborative.
The days of a hands-off security approach for developers are over, and with the right training and tools, they can take advantage of this process, upskill their security awareness and stand out among their peers.
Security expert Dr. Matias Madou, Ph.D. will demonstrate the changes the industry has faced in the journey from Waterfall to DevSecOps, as well as reveal how you, the developer, can become a powerful piece of the DevSecOps pipeline, without compromising the work you love most, all while upskilling and become an even more sought-after engineer in the process.
Matias Madou
CTO and co-founder
Matias is the CTO and co-founder of Secure Code Warrior. Matias holds a Ph.D. in computer engineering from Ghent University, where he studied application security through program obfuscation and was mainly working on static analysis solutions. With his Ph.D., he moved to the U.S. to join Fortify Software (acquired by HP) and stayed seven years to build out his career from an intern to being the research architect for all the runtime solutions spanning Fortify and ArcSight products. During his time at Fortify, he thought it was all too easy to find problems in code if you never tell the developer how to write secure code in the first place, so he started Sensei Security which merged with Secure Code Warrior. He enjoys being on stage presenting at conferences including BSIMM, RSA Conference, BlackHat and DefCon.
Generally, AppSec was aware of security problems, their impact, and code-level fixes. However, these remedies would rarely work in the custom tech stack of the company. Developers cranked out software features in a fast, functional and reliable way, but also released their code for security review as late as possible. Why? To shorten the AppSec feedback window, ensuring their out-of-context security recommendations would bounce back well after the release window and not halt proceedings. A little dysfunctional, to say the least.
Fast-forward to today, and our demand for software is greater than ever before, as is the risk of data breaches from common vulnerabilities. This fractured process cannot work, and the DevSecOps movement is here to change the game. DevSecOps creates an environment of shared responsibility for security, where developers become responsible for effective deployment, and the lines between AppSec and development teams are increasingly blurred and more collaborative.
The days of a hands-off security approach for developers are over, and with the right training and tools, they can take advantage of this process, upskill their security awareness and stand out among their peers.
Security expert Dr. Matias Madou, Ph.D. will demonstrate the changes the industry has faced in the journey from Waterfall to DevSecOps, as well as reveal how you, the developer, can become a powerful piece of the DevSecOps pipeline, without compromising the work you love most, all while upskilling and become an even more sought-after engineer in the process.
Matias Madou
CTO and co-founder
Matias is the CTO and co-founder of Secure Code Warrior. Matias holds a Ph.D. in computer engineering from Ghent University, where he studied application security through program obfuscation and was mainly working on static analysis solutions. With his Ph.D., he moved to the U.S. to join Fortify Software (acquired by HP) and stayed seven years to build out his career from an intern to being the research architect for all the runtime solutions spanning Fortify and ArcSight products. During his time at Fortify, he thought it was all too easy to find problems in code if you never tell the developer how to write secure code in the first place, so he started Sensei Security which merged with Secure Code Warrior. He enjoys being on stage presenting at conferences including BSIMM, RSA Conference, BlackHat and DefCon.