Larry Maccherone

Senior Director, DevSecOps Engineering

Contrast Security


Using the Transformation Blueprint to Launch Your Own Developer-First Security Program

There is the way development teams really function and there is the way security believes development teams function. In most organizations, the two don’t match.

The security folks start with standards like NIST, SANS, OWASP, PCI, etc., written by folks who haven’t written code in decades. Attempting to get development teams to adopt them as-is leads to frustration, resistance, and false starts.

The developers’ #1 priority is delivering value in the form of new or upgraded software capability to their users. Rather than seeing speed and quality/security as tradeoffs against each other, they know that automated checks lead to faster value delivery AND higher quality/security.

This workshop brings both groups together in one room, helps them stop talking past each other, and gets them collaborating on practices that developers will love to adopt while still providing the intended security risk reduction. We won’t get all the way there in the time we have at this conference, but the half-day version of this workshop results in an actionable plan that both engineering and security wholeheartedly support.