Monday, February 26, 2018

Heading to SOURCE Mesa/Phoenix

This week I'm heading to SOURCE Mesa/Phoenix. While there I will present my talk: SDLC, SOC2, and other four letter words. I'll post the slides for the talk later, but you can read the abstract now:
Except for any authors of trojans that may have stumbled in accidentally, we all want to write secure applications. In spite of our sincere desires, vulnerable code gets shipped. Why? What do we do to fix it? What can we do to prevent it from happening? The answers exist in the realm of the software development life cycle, or SDLC. Various compliance vehicles (such as SOC2) exist to help us formulate an effective SDLC, but any security expert knows that checking a box does not typically yield the desired results. This talk describes the SDLC used by the agent team at Threat Stack, while also bringing in outside experiences to supplement. It also goes over pitfalls observed and lessons learned. You might not use the same tools or produce the same product, but the talk focuses on principles to make the resulting product more secure.
I'm slotted to present on day two, March 1st, at 1:10 pm. So right after lunch. Rob Cheyne interviewed me ahead of the conference to preview my talk, and you can find that on YouTube:


Sorry about the audio. I definitely have some lessons learned there for myself about getting the right equipment and prepping for the discussion a bit better.

I'll be there for both days of the main conference. I look forward to meeting new folks and learning new things!