APPSEC Cali 2018 - We Come Bearing Gifts: Enabling Product Security with Culture and Cloud

L1WaMzN4dhY/default.jpg

Abstract :
What would it look like if security never had to say “no”?

This talk explores that counter-intuitive premise, and shows how it is not just possible but *necessary* to discard many traditional security behaviors in order to support modern high-velocity, cloud-centric engineering teams. For the product security team at Netflix, this is the logical implication of a cultural commitment to enabling the organization.

Attendees will learn how to replace heavy-handed gating with an automation-first approach, and build powerful security capabilities on top of cloud deployment primitives. Specific examples including provable application identity, immutable and continuous deployment, and secret bootstrapping illustrate how this approach balances security impact with engineering enablement.

About Astha Singhal
Astha Singhal currently leads the Application Security team at Netflix. Prior to this, she managed the Salesforce AppExchange Security Review as a Senior Manager on Product Security. She is a security engineer by qualification who is passionate about proactive security and developer enablement. Astha is an active member of the Bay Area security community as an organizer of conferences like AppSec USA 2015, BSidesSF 2017 and other local security meetups. She is also passionate about STEM careers for women and participates in initiatives like Techbridge, Hackbright and YearUp.

About Patrick Thomas
Patrick Thomas is a professional breaker of software with a tremendous amount of love for the builders. He started as a developer, spent years as a penetration tester, and has now found a home in the middle improving appsec as a Senior Application Security Engineer at Netflix. He has previously spoken at Black Hat, DEFCON, SecTor, AppSec Cali, TROOPERS and others.

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...

L1WaMzN4dhY/default.jpg
APPSEC Cali 2018 - We Come Bearing Gifts: Enabling Product Security with Culture and Cloud APPSEC Cali 2018 - We Come Bearing Gifts: Enabling Product Security with Culture and Cloud Reviewed by Anonymous on March 19, 2018 Rating: 5