2. WHO AM I
● 9*+",#-.(;%20+7-*(< 9&.=
● OWASP Global Board of Directors – Vice - Chair
● Member of Review Board at BH Asia, Grace Hopper, BSides >0&?*,*&+*),
Global AppSec, etc.
● /&20$2*%(#&(Diversity Initiatives:
○ InfosecGirls
○ WoSec (Wo8*&(/&(9*+",#-.@
12. DevSecOps — Integrating Security into DevOps
User Stories Secure Coding Linting, Scanning QA
13. DevSecOps — Integrating Security into DevOps
User Stories Secure Coding Linting, Scanning QA Mutating
14. “Shift Left” is not enough
Empowering developers to build applications securely
within the entire development process
of respondents believe developers
should actually own security, but they
aren't well-equipped to do so.
of respondents feel that security is
a major constraint on the ability to
deliver software quickly.
81%
33%
Empower
developers
Enable
security team
31. Empower Dev /Ops to
deliver better and
faster and secure,
instead of blocking.
https://wondercratekids.files.wordpress.com/2017/11/wc_blog_develop-growth-mindset_empower.jpg
35. Key takeaways
● Prepare your Umbrella Before it Rains
(Early AppSec in Pipeline)
● Security is everyone’s responsibilities
● DevSecOps won’t replace your
pentesting activity
● Create a Parallel security pipeline for
more in-depth testing
● Don’t take on risk to generate business
value