Application Security/Software Assurance

Security Congress Abstract

3516 - How to adapt the SDLC for DevSecOps

Wednesday, October 10
11:00 AM - 12:00 PM
Location: Floor 2: Galerie 4

The standard approach for web application security over the last decade and beyond has focused heavily on slow gatekeeping controls like static analysis and dynamic scanning. However, these controls were originally designed in a world of Waterfall development, and their heavyweight nature often causes more problems than it solves in today's world of agile, DevOps, and CI/CD.

This talk will share practical lessons learned at Etsy on the most effective application security techniques in today's increasingly rapid world of application creation and delivery.


Learning Objectives:

Zane Lackey

Chief Security Officer
Signal Sciences

Zane Lackey is the Co-Founder / Chief Security Officer at Signal Sciences and the author of Building a Modern Security Program (O’Reilly Media). He serves on multiple Advisory Boards including the National Technology Security Coalition, the Internet Bug Bounty Program, and the US State Department-backed Open Technology Fund. Prior to co-founding Signal Sciences, Zane led a security team at the forefront of the DevOps/Cloud shift as CISO of Etsy.

He has been featured in notable media outlets such as the BBC, Wall Street Journal, Associated Press, Forbes, Wired, and CNET. A frequent speaker at top industry conferences, he has presented at BlackHat, RSA, Velocity, OWASP, DevOpsDays, and has given invited lectures at Facebook, Goldman Sachs, IBM, Microsoft, Carnegie Mellon University, and the Federal Trade Commission.

