
How to put the "Sec" in "DevSecOps" (and make sure it actually works)

Matias Madou at All The Talks 2020 - Security

In the ancient times of software creation, we had AppSec, and we had developers.

Generally, AppSec was aware of security problems, their impact, and code-level fixes. However, these remedies would rarely work in the custom tech stack of the company. Developers cranked out software features in a fast, functional and reliable way, but also released their code for security review as late as possible. Why? To shorten the AppSec feedback window, ensuring their out-of-context security recommendations would bounce back well after the release window and not halt proceedings. A little dysfunctional, to say the least.

Fast-forward to today, and demand for software is greater than ever, as is the risk of data breaches from common vulnerabilities. And the DevSecOps movement is here to change the game. DevSecOps creates an environment of shared responsibility for security, where developers become responsible for effective deployment, and the AppSec and development teams are more collaborative. With the right training and tools, developers can take advantage of this process, upskill their security awareness and stand out among their peers.

Security expert Dr. Matias Madou, Ph.D. will reveal how developers can become a powerful piece of the DevSecOps pipeline, without compromising the work they love most.

Matias Madou

Matias Madou is the CTO of Secure Code Warrior, where he is responsible for leading the company’s technology vision and overseeing the engineering team. Matias has more than 15 years of hands-on software security experience, has developed solutions for companies such as HP Fortify, and founded a company called Sensei Security.

Over his career, Matias has led multiple application security research projects that resulted in commercial products, and he has over 10 patents to his name. Away from his desk, Matias has served as an instructor for advanced application security training courses and regularly speaks at global conferences including RSA Conference, Black Hat, DefCon, BSIMM, OWASP AppSec and BruCon.

Matias holds a Ph.D. in Computer Engineering from Ghent University, where he studied application security through program obfuscation to hide the inner workings of an application.