AppSecUSA 2016 wrapped up last week. To recap the event, we have captured what we think are the Top 10 tweets from the event. We had a great time talking application security defense with event attendees, while both Zane Lackey and James Wickett from Signal Sciences spoke at AppSecUSA.
Now, without further ado, these are the Top 10 Tweets from AppSecUSA…
10. Not failing is not a solution
We see security as a binary event, when real security should not focus on never failing; it has to be about alerting and advancing defensive measures.
9. Incentives drive results with bug bounties (and other AppSec initiatives)
We forget about our incentives, but what gets measured is what gets done.
8. Our humor hasn’t gotten much better over the years
I am a sucker for Dad-jokes so there was no way I was leaving this gem out of the list.
7. Good advice on building a security program before trying to do the latest/greatest
There is always the temptation to go from new technology to new technology, but if your culture can’t support it, then you are just making noise or, worse, building technical debt.
6. We still are confused about what the latest/greatest is
The industry is still struggling with setting the direction in some areas.
5. DevOps has gone mainstream in the AppSec world
One of my favorite things about AppSecUSA this year was the emphasis on DevOps. It has long been the tradition of security practitioners to ignore the movements going on in the industry. For years many security people would only reference “the cloud” using air quotes. However, to see security bridging with DevOps at this conference was really neat.
4. Automation makes sense but we still reserve some work for the humans
Security experts need to automate as much as they can and spend as much time as possible doing the testing that cannot be automated. In DevOps, this same type of thinking has been applied successfully to QA, Ops, and more…
3. DevSecOps defined by Shannon Lietz helped frame security’s role
Bringing DevOps and Security together under the umbrella of DevSecOps helps bridge organizations within companies. This presentation encapsulated pragmatic approaches to doing this.
2. The speaker gifts were: Custom. Lego. Minifigs. Need we say more?
1. It was a great conference, see you at AppSecEU!
I had the chance to meet several of the AppSecEU planning team and it looks like it is shaping up to be an excellent conference as well. See you in Belfast!
Thanks for Reading