AppSec in a DevOps World

Security has typically been done at the end of the development cycle, if it’s done at all. This has all of the same side effects as testing quality just before shipping, namely surfacing work and risk at the worst possible time. DevOps is forcing development teams to re-think their accountability. Not only are they responsible for functional quality, but now they must also operationalize their software. I assert that they should also be accountable for security. They should treat security findings as equal citizens to their functional defects. Software written without security in mind opens a company up to brand damage and the costs associated with breaches. This will reflect directly on the teams that built the software.

How can DevOps teams add security to DevOps without losing velocity? In this session, Peter Chestna, Director of Developer Engagement, discusses how security is typically bolted on to the development process as well as the pressures on DevOps teams. He will then provide practical strategies to integrate security successfully into the SDLC while maintaining the velocity necessary to realize the benefits of DevOps.

What you will learn:

1. Why application security (AppSec) is important
2. Why traditional approaches don’t work
3. How to add security into DevOps while maintaining velocity
4. What to measure as leading indicators of success




Peter Chestna


As Director of Developer Engagement at Veracode/CA, Pete provides customers with practical advice on how to successfully roll out developer-centric application security programs. Relying on more than