2016 AppSecUSA Talk
Along with Chris Barker and Adrien Thebo, I gave a talk titled “Everything is Terrible: Three Perspectives on Building, Configuring, and Securing Software” at AppSecUSA 2016. It seemed to go over pretty well. You can watch it on YouTube and the abstract is below. If somehow YouTube loses it, let me know and I’ve got a copy of the video.
Abstract
Developers, operations, and security all have differing agendas and benchmarks for success. One is tasked with building new features, the next with delivering and making them available, and the third is tasked with mitigating the risks associated with the previous two.
Core to the DevOps movement is the idea of building empathy with people in other teams in order to align for business success. This talk provides the perspectives of three engineers who have each lived primarily in one of Dev, Ops, or Security, but have also worked collaboratively to try not to kill each other. They will talk about their backgrounds, provide practical examples from daily experiences, and share suggestions on building common tooling that minimizes friction and enhances collaboration.
This talk will discuss:
- The misalignment of priorities that organisations often force upon these groups
- Struggles with collaboration and working cultures
- Common bottlenecks associated with release cycles and security processes
- Building empathy and optimizing for communication that doesn’t involve fisticuffs (or other 19th century combat styles)
The audience will come away with:
- Ideas for handling these complicated situations
- Approaches for building workflows and possible tooling suggestions to minimize the tire fires
- A new appreciation for those on the other sides of the silo walls