Sponsored by ZeroNorth
October 29, 2019
11 AM ET
Digital transformation involves removing the barriers to delivering value to customers. The mechanisms of digital transformation (DevOps, microservices architecture and others) simplify and speed delivery but complicate aspects of security, particularly vulnerability discovery. Yet, as firms release more and more microservices to production, and do so more frequently, the need to understand changes to the attack surface increases.
Scaling legacy vulnerability discovery techniques has proven challenging, and firms have responded by taking a different approach altogether. Using data from recent surveys, ZeroNorth CTO John Steven will illustrate how, by doing well-known security activities differently and by doing fundamentally different activities, security is able to align with modern development architectures and cultures. Specifically, we’ll address questions like: What’s the place of OSS in vulnerability discovery? What does a secure SDL and CI/CD pipeline look like? What do governance gates look like in a continuous world?
John Steven, CTO, ZeroNorth
For two decades, John led technical direction at Cigital, where he rose to the position of co-CTO. He founded spin-off Codiscope as CTO in 2015. When both firms were acquired by Synopsys in 2016, John transitioned to the role of senior director of security technology and applied research. His expertise runs the gamut of software security—from threat modeling and architectural risk analysis to static analysis and security testing. John is keenly interested in using orchestration and automation to provide security governance at the cadence of modern development. As a trusted adviser to security executives, he uses his unparalleled experience with a broad range of security tools to build and mature security programs. He has served as co-editor of the Building Security In department of IEEE Security & Privacy magazine and as the leader of the Northern Virginia OWASP chapter. John is regularly invited to speak, including keynotes at AppSecUSA and BSIMM.