Presentation: 7 Strategies for Scaling Product Security
Share this on:
Abstract
Product Security and Application Security Engineering teams are tasked with fixing and preventing security vulnerabilities, developing security controls, building meaningful security automation, maintaining security review processes, building security capabilities into existing products and leveraging the collective skills of the research community, whilst being the guardians of customer data.
Beyond Penetration Testing – In this presentation, we will cover seven different high-ROI strategies for resource-constrained Product Security teams that need to scale to support thousands of developers. We will dig deep into different tenets that help build and grow a high-functioning security engineering practice, including secret management, automation services, vulnerability management, reporting and operational excellence, bug bounty programs, training, engagement and product defense strategies.
Attendees will be provided with actionable technical strategies and time-tested lessons to build a comprehensive Secure SDL program and increase their organization's product security maturity in just a few months.
Similar Talks
Tracks
-
Microservices: Patterns & Practices
Evolving, observing, persisting, and building modern microservices
-
Developer Experience: Level up Your Engineering Effectiveness
Improving the end to end developer experience - design, dev, test, deploy, operate/understand. Tools, techniques, and trends.
-
Modern Java Reloaded
Modern, Modular, fast, and effective Java. Pushing the boundaries of JDK 9 and beyond.
-
Modern User Interfaces: Screens and Beyond
Zero UI, voice, mobile: Interfaces pushing the boundary of what we consider to be the interface
-
Practical Machine Learning
Applied machine learning lessons for SWEs, including tech around TensorFlow, TPUs, Keras, Caffe, & more
-
Ethics in Computing
Inclusive technology, Ethics and politics of technology. Considering bias. Societal relationship with tech. Also the privacy problems we have today (e.g., GDPR, right to be forgotten)
-
Architectures You've Always Wondered About
Next-gen architectures from the most admired companies in software, such as Netflix, Google, Facebook, Twitter, Goldman Sachs
-
Modern CS in the Real World
Thoughts pushing software forward, including consensus, CRDT's, formal methods, & probalistic programming
-
Container and Orchestration Platforms in Action
Runtime containers, libraries, and services that power microservices
-
Finding the Serverless Sweetspot
Stories about the pains and gains from migrating to Serverless.
-
Chaos, Complexity, and Resilience
Lessons building resilient systems and the war stories that drove their adoption
-
Real World Security
Practical lessons building, maintaining, and deploying secure systems
-
Blockchain Enabled
Exploring Smart contracts, oracles, sidechains, and what can/cannot be done with blockchain today.
-
21st Century Languages
Lessons learned from languages like Rust, Go-lang, Swift, Kotlin, and more.
-
Empowered Teams
Safely running inclusive teams that are autonomous and self-correcting