Security Superstream: Building Operational Resilience
Published by O'Reilly Media, Inc.
Integrating DevSecOps automation for robust pipeline protection
Are you tired of chasing security vulnerabilities after your code is already built? Integrating security best practices into your development pipeline through DevSecOps automation allows your organization to effectively implement and scale solutions to this problem. Automation creates visibility and observability across the software development lifecycle, but while it can enable a “shift left,” it is important to examine its potential pitfalls and challenges.
Join top DevSecOps experts for an overview of some of the greatest benefits and most pressing concerns of automation. You'll explore best practices around the use of automated security tools for testing and vulnerability management, the ongoing care and feeding of your automation program, and the behavioral and cultural factors that can make or break your automation strategy.
About the Security Superstream Series: This event will cover some of the most challenging topics facing those who are concerned with security, with expert guidance and insight into best practices, new developments, and future trends.
What you’ll learn and how you can apply it
- Understand how the development, operations, and security teams can work together to improve your organization’s product.
- Gain a deeper understanding of system resilience, security champion programs, secure system development, and securing the ML lifecycle.
- Learn how to implement DevSecOps best practices.
This live event is for you because...
- You're a security practitioner interested in DevSecOps.
- You’re a developer or engineer looking to integrate security into your ML lifecycle.
- You want to understand the role of security in complex systems.
Prerequisites
- Come with your questions.
- Have a pen and paper handy to capture notes, insights, and inspiration.
Recommended follow-up:
- Read Learning DevSecOps (early release book)
- Read Security Chaos Engineering (book)
- Watch Software Development Hour with Sam Newman: Building Secure Software with Laura Bell (video)
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Chloé Messdaghi: Introduction (5 minutes) - 8:00am PT | 11:00am ET | 3:00pm UTC/GMT
- Chloé Messdaghi welcomes you to the Security Superstream.
Gloria Chow: Automating Security Testing in the DevSecOps Landscape (45 minutes) - 8:05am PT | 11:05am ET | 3:05pm UTC/GMT
- Gloria Chow is your guide into the realm of automated security testing in today's DevSecOps landscape, exploring best practices around the use of automated security testing tools such as SAST and DAST, and introducing methods for automating the security testing of APIs. Learn how to seamlessly integrate your automated security tests into your CI/CD pipelines to ensure continuous security in your software applications while maintaining high development speed and efficiency.
- Gloria Chow is an engineering manager by day and an ethical hacker by night. During her 10 years of industry experience, she’s worked as a security engineer and a software engineer in test and brings a unique blend of expertise to the table. Gloria has an avid interest in all things related to cybersecurity and automation and spends much time studying related topics and certifications to keep her hacking skills sharp.
Jasmine Jackson: I've Automated Everything . . . We're Done, Right? (45 minutes) - 8:50am PT | 11:50am ET | 3:50pm UTC/GMT
- You've automated your pipelines—congratulations! So we're done...right? Not quite. Jasmine Jackson dispels the assumption that automation is a silver bullet or a one-time process and discusses common pitfalls and remediation steps.
- Jasmine Jackson is the passionate owner of The Accelerated Training Program, a nonprofit organization that teaches digital literacy skills, with a cybersecurity twist, to underrepresented primary school children. She’s also an adjunct professor at the City University of Seattle and teaches additional online courses in cybersecurity. Some of her passions are application security, secure code review, and mobile hacking. In her spare time, Jasmine enjoys keeping up-to-date on security vulnerabilities by completing capture-the-flag write-ups on her blog, thefluffy007. She also creates cybersecurity education content on her YouTube channel (@thefluffy007).
- Break (10 minutes)
Stefania Chaplin: Dynamic DevSecOps—Automating Security Scans for Rapid Results (45 minutes) - 9:45am PT | 12:45pm ET | 4:45pm UTC/GMT
- In today’s technological world, the integration of security into the software development lifecycle has become crucial. Stefania Chaplin shows you how to seamlessly integrate automated security measures into the software development lifecycle, ensuring swift identification and mitigation of vulnerabilities. You’ll gain practical insights into automating security result analysis, enabling effective interpretation and prioritization of security findings, and come away with a comprehensive understanding of how DevSecOps principles and automated security measures synergistically contribute to building robust and secure software ecosystems.
- Stefania Chaplin (a.k.a. DevStefOps) is a solutions architect in DevSecOps, security training, and software supply chain management and has helped countless organizations understand and implement security throughout their SDLC. A Python developer at heart, she enjoys optimizing and improving operational efficiency by scripting and automating processes and creating integrations. She has spoken at many conferences, including RSA, Enterprise Technology Leadership Summit (formerly DevOps Enterprise Summit), Black Hat, QCon, ADDO, and Women in DevOps. When not at a computer, Stefania enjoys surfing, yoga, and looking after all her tropical plants.
- Break (5 minutes)
Malcolm Harkins: A Fool with a Tool is Still a Fool—Automation for Automation’s Sake Never Adds Real Business Value (45 minutes) - 10:35am PT | 1:35pm ET | 5:35pm UTC/GMT
- DevOps has been an industry concept for decades, but DevSecOps became the real buzzword around 10 years ago. Since then, more organizations have introduced automation to streamline processes, enhance collaboration, and ensure consistent security practices across the development pipeline. But no tool, process, or procedure will help if your organization does not embrace a security culture with strict but agile security performance goals. Malcolm Harkins explains how the behavioral and cultural aspects of security are the cornerstone of improved operations and explores the mechanisms through which organizations can extract maximum value from DevSecOps automation. You’ll learn how automation facilitates continuous integration and continuous deployment, enabling rapid and iterative development cycles, and how, by automating code analysis, vulnerability scanning, and testing procedures, developers can identify and remediate security flaws early in the development process, reducing the risk of breaches and minimizing the cost of addressing vulnerabilities post-deployment.
- Malcolm Harkins is chief security and trust officer at HiddenLayer and an independent board member and advisor to several organizations. Previously, he was chief security and trust officer at Cylance as well as chief security and privacy officer at Intel. Malcolm has testified before both the United States Senate Committee on Commerce, Science, and Transportation and the Federal Trade Commission on data security and the promise and perils of emerging technology. Malcolm was also a member of a task force led by the Center for Strategic International Studies to provide strategic direction and leadership for CISA’s evolving mission to protect the federal government.
Chloé Messdaghi: Closing Remarks (5 minutes) - 11:20am PT | 2:20pm ET | 6:20pm UTC/GMT
- Chloé Messdaghi closes out today’s event.
Your Hosts and Selected Speakers
Chloé Messdaghi
Chloé Messdaghi serves as the Head of Threat Intelligence at HiddenLayer, where she spearheads efforts to fortify security for AI measures and fosters collaborative initiatives to enhance industry-wide security practices for AI. A highly sought-after public speaker and trusted authority for national and sector-specific journalists, Chloé's expertise has been prominently featured across various media platforms. Her impactful contributions to cybersecurity have earned her recognition as a Power Player by esteemed publications such as Business Insider and SC Media.
Gloria Chow
Jasmine Jackson
Stefania Chaplin
Malcolm Harkins