STAREAST 2020 Concurrent Session: Large-Scale DevSecOps: Bringing Security Confidence to a Chaotic Development World


Wednesday, May 6, 2020 - 2:45pm to 3:45pm

Large-Scale DevSecOps: Bringing Security Confidence to a Chaotic Development World

Implementing application security programs on a large scale can often seem chaotic and unwieldy. Without the proper knowledge to implement robust AppSec tools, DevSecOps on a large scale can be overwhelming. Additionally, with countless customizable build, task-tracking, and CI integration systems available, many companies don’t know where to begin implementing DevSecOps. Dennis Hurst will provide the knowledge necessary to wield powerful AppSec tools based on his experience with a variety of large corporate clients. He'll discuss common pitfalls and unique challenges with various tools (including static, dynamic, threat modeling, and architecture review) in the DevOps process. You'll learn what “the board” and C-level executives really care about in security, how to identify and track the right key performance indicators and program metrics, and what needs to be implemented before an application should be moved into production. Don’t get lost in the often-chaotic world of high-power DevSecOps initiatives; learn how to handle them well so you can appropriately protect your applications.

Dennis Hurst
Saltworks Security

Dennis Hurst is a highly respected security expert with expertise in the area of application security and the integration of security into all aspects of the software development lifecycle. His broad experience in security, application development, product management, and IT operations has given him the knowledge and experience to work with many Fortune 500 companies around the globe implementing successful application security programs. Mr. Hurst has also been influential in many industry organizations, such as the Cloud Security Alliance (CSA), the Open Web Application Security Project (OWASP), and other industry groups. He is a founding member of the CSA, where he cowrote the Application Security section of v1 and v2 of its guidelines.