AppSec managers are becoming extinct. Get ready to embrace DevSecOps
Thursday, September 3rd, 2020
For many years, AppSec managers have had the unenviable task of coordinating, overseeing and working on the security programs of organizations large and small. They are in-house security specialists, and becoming rarer than gold. There are simply not enough of them to go around, yet the risk of cyberattacks is greater than ever.
They are usually under-resourced, overworked, and misunderstood by the development team, who see security as somewhat of a hindrance to their feature-building innovation. It’s dysfunctional, to say the least.
Fast-forward to today, and it’s becoming apparent that we are not keeping up with the security demand of an increasing supply of code, and “AppSec” best practices are fast becoming outdated. The idea of the general AppSec manager is becoming ancient history, and for good reason: it’s time for DevSecOps to get some serious organizational traction, and take the pressure off them while reducing cyber risk.
DevSecOps creates an environment of shared responsibility for security, where developers become responsible for effective deployment, and the lines between AppSec and development teams are increasingly blurred and more collaborative.
The days of a hands-off security approach for developers are over, and with the right training and tools, they can take advantage of this process, upskill and stand out among their peers. However, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.
Security expert Dr. Matias Madou, Ph.D. will demonstrate the changes the industry has faced in the journey from Waterfall to DevSecOps, as well as reveal how AppSec and security awareness professionals can become a powerful piece of the DevSecOps pipeline, nurturing an effective dream team that fights back against cyberattacks and the common vulnerabilities that cause them.
Co-Founder and CTO
Secure Code Warrior
Matias is the CTO and co-founder of Secure Code Warrior. Matias holds a Ph.D. in computer engineering from Ghent University, where he studied application security through program obfuscation, working primarily on static analysis solutions. With his Ph.D., he moved to the U.S. to join Fortify Software (acquired by HP) and stayed seven years to build out his career. Starting as an intern, he became the research architect for all the runtime solutions spanning Fortify and ArcSight products. During his time at Fortify, he thought it was far too easy to find security problems in code if you never teach the developer how to write secure code in the first place. With this in mind, he started Sensei Security, a company that eventually merged with Secure Code Warrior. When he is not at his desk as part of Team Awesome, he enjoys being on stage presenting at conferences including BSIMM, RSA Conference, BlackHat and DefCon.