2023-10-31, Main Stage
It is a reality of the 2020s that, even now, there are companies that struggle to build secure software. In this talk Tess will share observations and lessons learned while implementing AppSec at three different organisations.
As a "nerd for hire", Tess has helped these companies deal with security challenges, both technical and organisational. Over the past five years, she has helped design and implement application security programs. The goal? Bringing DevOps and Infra teams up to speed on secure development, preventing vulnerabilities and achieving regulatory compliance.
Between management gurus, great books, pushy consulting firms and overly positive blog posts, you would get the impression that AppSec is easy! You just need some Champions, a few trainings and some pipelines! Right?
Unfortunately the best intentions just aren't enough. In this talk I will tell you how we handled DevSecOps, the mistakes we made and the lessons we learned.
Tess Sluijter-Stek often describes herself as "a Jill-of-all-trades, but master of none", as "eternal newbie" and as "nerd-for-hire". She contracts as a consultant for Unixerius and she teaches Linux and DevSecOps at ITVitae.