Felix donned many different hats and worked for a handful of startups and corporates. He currently works as a Sr. Security Architect at Xero, and raises axolotls in his spare time.
They say history is a perpetual cycle of technological, procedural, and cultural shifts; in some ways, the world of application security is no different. In this talk I intend to cover the changes in the web application security (AppSec) space over the past ten years. Hopefully there will be some practical tips for growing your own AppSec program.
No prior security knowledge required.
So you've just read this great literature on building Security into your DevOps pipeline and can't wait to introduce it to your colleagues. What could possibly go wrong?
This talk is focused on the challenges involved with integrating security components in an existing DevOps pipeline. What are they? How can you introduce them without breaking your bank or your manager's sanity?
In this talk we'll run through a real-world example of building a poor man's DevSecOps pipeline from scratch. Then we'll look at the options and techniques available to developers and managers to ensure that the finished product will be a little bit more secure.