
- This event has passed so registration is closed.
Overview
The “shift left” approach is not a new concept within software testing and DevOps best practices and it is commonly thought of when discussing DevSecOps. This usually includes security testing earlier in the software development lifecycle with the goal of identifying security vulnerabilities and weaknesses prior to shipping code to operations. However, “shift security left” is commonly interpreted to be “get developers to run security tools”. This approach is fraught with issues as it requires developers to context switch out of their workflow, learn and use new tools, understand the output of these new tools, and file bugs to be remediated (in yet another tool). The “shift left” approach requires a harder shift left, bringing security testing as close as possible to the developer while not expecting them to learn new tools. Furthermore, security results need to be contextual and provide actionable next steps so they can be resolved as quickly as possible. Finally, security scans need to finish in minutes, not in hours or days. A harder shift left empowers you and your organization as it applies repeatable, defensible processes that automate security and compliance policies from the first line of code written.
In this session, we will discuss:
• Common pitfalls when implementing traditional “shift left” security
• How to best apply different security scanning techniques available
• Embedding security scanning into the developer workflow
• Automating secure development best practices
Moderator
Alex Grohmann – Founder, Sicher Consulting
As a security and privacy professional for over 25 years, Alex Grohmann has helped to promote the profession through professional and personal contributions. He is currently the Chief Information Security Officer (CISO) for Acuity International, a $550 million organization with locations in over 10 countries. He volunteers a great deal of his time to make the profession stronger through his efforts in ISSA.
During Alex’s time on the international board, he has been the lead for the Privacy Special Interest Group (SIG), managing the group and its efforts along with the chairs. The SIG has grown to nearly 2,000 members in the few short years of its existence.
As a 20-year member of the Northern Virginia chapter, Mr. Grohmann has volunteered on its board for 9 years, with 3 of those as chapter president. During that time, the chapter won Chapter of the Year, and he received the Honor Roll and Fellow designations.
Outside of ISSA, Alex has served on several boards and groups, including Washington DC InfraGard, NIST’s NICE and the IT Sector Coordinating Council (IT-SCC).
Alex is a graduate of Florida State University in Management Information Systems, and a proud Seminole.
Speaker
David DeSanto – Senior Director, Product Management – Security, GitLab
David is the Senior Director, Product Management – Security at GitLab. He is a network security professional with a deep background in security research and product strategy. David lives in the greater Dallas, TX area with his wife and their two dogs.