Marissa Nishimoto

Your company has grown and has hired a security team, or a security person. We’re done, right? Everything is secure? Clearly, this is not the reality. Integrating security into development and operational practices is an ongoing, iterative process, and DevSecOps will look different across organizations. So no, you can’t just buy the same tools as everyone else and unlock the security achievement.

Effective DevSecOps is about recognizing where different functions add unique value and optimizing around that in order to continuously improve security of your products with the ultimate goal of keeping your customers and your company safe. In this talk, I’ll share some ways to more effectively utilize your security team and where automation can help you and your security team scale together.

The goal of this talk is to provide you with some tools to meaningfully discuss security improvements and give you options for where to start making immediate progress. I’ll be sharing some of the pitfalls I’ve experienced, including where automation can hinder your progress. I will also talk about how I think about prioritization of security improvements and share my perspective as a security engineer.