AppSec is dead. Long live DevSecOps!

Presented by

Matias Madou, Ph.D., Co-Founder and CTO, Secure Code Warrior

About this talk

In the ancient times of software creation, we had AppSec, and we had developers. Generally, AppSec was aware of security problems, their impact, and code-level fixes. However, these remedies would rarely work in the custom tech stack of the company. Developers cranked out software features in a fast, functional and reliable way, but also released their code for security review as late as possible. Why? To shorten the AppSec feedback window, ensuring their out-of-context security recommendations would bounce back well after the release window and not halt proceedings. A little dysfunctional, to say the least. Fast-forward to today, and our demand for software is greater than ever before, as is the risk of data breaches from common vulnerabilities. This fractured process cannot work, and the DevSecOps movement is here to change the game. DevSecOps creates an environment of shared responsibility for security, where developers become responsible for effective deployment, and the lines between AppSec and development teams are increasingly blurred and more collaborative. The days of a hands-off security approach for developers are over, and with the right training and tools, they can take advantage of this process, upskill their security awareness and stand out among their peers. Delivered by security expert Matias Madou, Ph.D., he will demonstrate: The changes the industry has faced in the journey from Waterfall to DevSecOps How developers can navigate change and become a powerful piece of the DevSecOps pipeline Why DevSecOps doesn't have to compromise the work developers love most How sharing the responsibility for security works in a team environment Why upskilling as a security-aware developer will help bridge the cybersecurity skills gap, and make them a sought-after engineer in the process.

Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (1759)
Subscribers (46605)
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.