
AppSecUSA 2016 wrapped up last week. To recap the event, we have captured what we think are the Top 10 tweets from the event. We had a great time talking application security defense with event attendees, and both Zane Lackey and James Wickett from Signal Sciences spoke at AppSecUSA.

Now, without further ado, these are the Top 10 Tweets from AppSecUSA…

10. Not failing is not a solution

We see security as a binary event, but real security should not focus on never failing; it has to be about alerting and advancing defensive measures.


9. Incentives drive results with bug bounties (and other AppSec initiatives)

We forget about our incentives, but what gets measured is what gets done.


8. Our humor hasn’t gotten much better over the years

I am a sucker for Dad-jokes so there was no way I was leaving this gem out of the list.


7. Good advice on building a security program before trying to do the latest/greatest

There is always the temptation to go from new technology to new technology, but if your culture can’t support it, then you are just making noise or, worse, building technical debt.


6. We still are confused about what the latest/greatest is

The industry is still struggling with setting the direction in some areas.


5. DevOps has gone mainstream in the AppSec world

One of my favorite things about AppSecUSA this year was the emphasis on DevOps. It has long been the tradition of security practitioners to ignore the movements going on in the industry. For years many security people would only reference “the cloud” using air quotes. However, to see security bridging with DevOps at this conference was really neat.


4. Automation makes sense but we still reserve some work for the humans

Security experts need to automate as much as they can and spend as much time as possible doing the testing that cannot be automated. In DevOps, this same type of thinking has been applied successfully to QA, Ops, and more…


3. DevSecOps defined by Shannon Lietz helped frame security’s role

Bringing DevOps and Security together under the umbrella of DevSecOps helps bridge organizations within companies. This presentation encapsulated pragmatic approaches to doing this.


2. The speaker gifts were: Custom. Lego. Minifigs. Need we say more?



1. It was a great conference, see you at AppSecEU!

I had the chance to meet several of the AppSecEU planning team and it looks like it is shaping up to be an excellent conference as well. See you in Belfast!


Thanks for Reading

At Signal Sciences we provide a modern approach to application security and web application firewalls. We also have a resource we provide for those doing security in the modern era of DevOps.

The DevOps Roadmap for Security

This Signal Sciences report provides a playbook to help bridge the gap between DevOps and Security tribes in your organization.
