For many years, AppSec managers have had the unenviable task of coordinating, overseeing and working on the security programs of organizations large and small. They are in-house security specialists, and becoming rarer than gold. There are simply not enough of them to go around, yet the risk of cyberattacks is greater than ever.
They are usually under-resourced, overworked, and misunderstood by the development team, who see security as somewhat of a hindrance to their feature-building innovation. It's dysfunctional, to say the least.
Fast-forward to today, and it's becoming apparent that we are not keeping up with the security demand of an increasing supply of code, and "AppSec" best practices are fast becoming outdated. The idea of the general AppSec manager is becoming ancient history, and for good reason: it's time for DevSecOps to get some serious organizational traction, and take the pressure off them while reducing cyber risk.
DevSecOps creates an environment of shared responsibility for security, where developers become responsible for effective deployment, and the lines between AppSec and development teams are increasingly blurred and more collaborative.
The days of a hands-off security approach for developers are over, and with the right training and tools, they can take advantage of this process, upskill and stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.
Security expert Dr. Matias Madou, Ph.D. will demonstrate the changes the industry has faced in the journey from Waterfall to DevSecOps, as well as reveal how AppSec and security awareness professionals can become a powerful piece of the DevSecOps pipeline, nurturing an effective dream team that fights back against cyberattacks and the common vulnerabilities that cause them.