AppSec: Grim Reaper or Archangel of Dev?
AppSec has gotten a bad rap as the “no” team, having to bear the bad news of why Development can’t deploy. But it’s not their fault—without effective integration of AppSec into the SDLC, both teams suffer from untimely information, which means AppSec can only deliver bad news, not enable security as a health part of a Development process. With an effective SecDevOps program that includes proactive policy assignment to effectively manage security debt and automate governance, Security shifts from being a blocker to an advisor in decreasing project delivery risk, without sacrificing velocity or agility. Attendees will learn how to identify where they are on the SecDevOps maturity curve, how to move up the curve through their people, processes & tools, and to translate AppSec information into actionable data to improve both security and delivery.