BSidesSF 2019 has ended
Back To Schedule
Monday, March 4 • 3:30pm - 4:00pm
DevSecOps State of the Union

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Many companies have shared their lessons learned in scaling their security efforts, leading to hundreds of blog posts and conference talks. Sharing knowledge is fantastic, but when you're a busy AppSec engineer or manager struggling to keep up with day-to-day requirements, it can be difficult to stay on top of or even be aware of relevant research.

This talk will summarize and distill the unique tips and tricks, lessons learned, and tools discussed in a vast number of blog posts and conference talks over the past few years and combine it with knowledge gained from in-person discussions with AppSec engineers at a number of companies with mature security teams.

Topics covered will include:
• Principles, mindsets, and methodologies of highly effective AppSec teams
• Best practices in developing security champions and building a positive security culture
• High value engineering projects that can prevent classes of bugs
• How and where to integrate security automation into the CI/CD process in a high signal, low noise way
• Open source tools that help with one or more of the above

Attendees will leave this talk with an understanding of the current state of the art in DevSecOps, links to tools they can use, resources where they can dive into specific topics of interest, and most importantly an actionable path forward for taking their security program to the next level.


Clint Gibler

Senior Security Consultant, NCC Group
Clint Gibler is a research director at NCC Group, a global information assurance specialist providing organizations with security consulting services. He’s helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies... Read More →

Monday March 4, 2019 3:30pm - 4:00pm PST
City View