Agile + DevOps West 2020 - Agile Leadership Summit | TechWell

DevSecOps Summit

Friday, June 12, 2020 • 8:30am-3:45pm

Why is learning about DevSecOps vital to you and your role? In the past few years, security integration within the DevOps pipeline has given rise to the idea of DevSecOps. Once seen as the bottleneck and inhibitor of the development and deployment process, security has become an integral part of the movement towards automation and the removal of manual oversight enforcement. As stated in the DevSecOps Manifesto, “We must adapt our ways to ensure data security and privacy issues are not left behind because we were too slow to change.” 

At the DevSecOps Summit, you’ll hear stories from practitioners in the field who are pushing forward with the idea of creating a secure application development pipeline, with security integrated from conception to deployment. They will explain how they made the cultural transformation from legacy development and deployment processes, to integrated systems that include security as a part of the process, not as an overseer or bottleneck to secure application development. This series of first-person talks will give you an ideal perspective on how you and your team can enable faster application development with more rapid deployment to production while integrating security into your DevOps initiatives.

Registration is free for conference attendees (simply "add-on" to any conference package), but you must reserve your seat in advance. Complimentary breakfast and lunch included for Summit registrants.

Friday, June 12

Alyssa Miller
Snyk, Ltd.

So Happy Together: Making the Promise of DevSecOps a Reality

Add to calendar
Friday, June 12, 2020 - 8:45am to 9:30am

It may be hard for some to believe, but it’s been over a decade since DevOps was first introduced. It wasn’t very long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This idea of security as an inhibitor can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application...

Learn More

Effective Static Analysis is the Key to Successful DevSecOps

Add to calendar
Friday, June 12, 2020 - 9:45am to 10:15am

DevSecOps creates more effective security by moving the traditional gate earlier instead of the end of the pipeline, where it’s too late to effectively fix security issues. Static code analysis is the best way to move security as far left as possible by using both early detection checkers for common issues like tainted data as well as secure-by-design coding patterns that harden the code against todays common attacks. However, static analysis has a reputation for being noisy and causing extra work. We will explore tips and tricks to make sure your static analysis is delivering security...

Learn More

AppSec: Grim Reaper or Archangel of Dev?

Add to calendar
Friday, June 12, 2020 - 10:15am to 10:45am

AppSec has gotten a bad rap as the “no” team, having to bear the bad news of why Development can’t deploy. But it’s not their fault—without effective integration of AppSec into the SDLC, both teams suffer from untimely information, which means AppSec can only deliver bad news, not enable security as a health part of a Development process. With an effective SecDevOps program that includes proactive policy assignment to effectively manage security debt and automate governance, Security shifts from being a blocker to an advisor in decreasing project delivery risk, without sacrificing velocity...

Learn More
Contrast Security

Embracing DevSecOps through Embedded Application Security

Add to calendar
Friday, June 12, 2020 - 11:00am to 11:30am

Traditional approaches to application security create unacceptable drag and scaling problems for DevOps, while expert staffing and tooling requirements to support “more code, faster” create untenable economics. This presentation will discuss the transformative impact of embedding application security into applications themselves. Embedded AppSec removes friction, enables security to be seamlessly woven into DevOps, and provides a continuous and unified approach across the SDLC that empowers Dev, Security, QA/Test, Ops, and other stakeholders to collaborate and realize the benefits of...

Learn More
Guy Herbert

Risk Management and Audit in a High Change Environment

Add to calendar
Friday, June 12, 2020 - 11:30am to 12:00pm

When you are trying to move fast and ship to customers you don't want risk and compliance holding you back. But the environment that we work in requires you to have good risk management and we all have compliance obligations that we need to maintain. So how do we make this work? At Atlassian, we are always trying to ship faster to meet your needs and we have lots of compliance obligations to maintain - come and hear from Guy Herbert, Atlassian's Risk Futurist about how the combination of people, practices, and tools has enabled teams to ship multiple times per day to regulated compliance...

Learn More

Exciting Talk TBA

Add to calendar
Friday, June 12, 2020 - 1:00pm to 1:45pm

More details coming soon.

DevSecOps: Essential Pipeline Tooling to Enable Continuous Security

Add to calendar
Friday, June 12, 2020 - 2:00pm to 2:30pm

As we start pushing toward more frequent releases, we no longer have time for slow, manual, late-lifecycle security assessments to determine if our code is going to put us on the front page of the newspaper (for the wrong reasons). We need a way to know that our code is secure enough every day. What we need is continuous security. DevSecOps is about exactly that: shifting security assessment left and integrating it into our daily and sprint-ly cycles. It means finding touchpoints in our continuous integration/continuous delivery (CI/CD) pipeline where security tools can be run continuously...

Learn More
Bob Crews
Checkpoint Technologies

Continuous QA Risk Analysis with an AppSec-DevOps-OWASP Mindset!

Add to calendar
Friday, June 12, 2020 - 2:30pm to 3:00pm

The scope and complexities of Application Security testing in a DevOps world are rapidly increasing as new technologies emerge, applications become more advanced, vulnerabilities more prevalent, and threats become more astute! The quantity and types of vulnerabilities can make the process of testing overwhelming, especially in a DevOps and Agile world when factoring in aggressive target dates and a lack of resources. Utilizing a rapid, strategic risk-based analysis approach while factoring in the OWASP Top 10 will assist you in prioritizing your overall testing effort. If you can’t...

Learn More