Developing software that changes the world, exceeds customer expectations, and provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are thousands of variables that need to be constantly addressed to find the balance that delivers sustainable and secure success. In this session, WitFoo’s chief engineers will outline an innovative approach to secure devops called Metric Driven Development. It will cover the following topics:
– Creating a metric collection infrastructure to alert on security and functionality deficiencies
– Utilizing metrics to write optimized unit and system tests
– The optimal value of code coverage, application pen-testing and static code analysis
– Integrating metrics into customer support evolutions
– The place of containerization in SECDEVOPS
– Building metric-driven use cases from hypothesis to pivot
By the conclusion of the session, attendees will have the tools necessary to implement lean and effective development pipelines that deliver secure and useful code in a fraction of the time and at a fraction of the development cost.
About Charles Herring
Charles Herring’s dedication to maturing the craft of information security is built on a diverse career path across the industry. He started his career in infosec in the U.S. Navy in 2002 serving as the network security officer at the U.S. Naval Postgraduate School. After leaving active duty, he was the contributing product reviewer for InfoWorld magazine focusing on network security products. Herring spent seven years running Herring Consulting, a company dedicated to process orchestration, data sharing and marketing. In 2012, he joined the Lancope team as a pre-sales engineer, and was promoted to consulting security architect and later to strategic account manager following the acquisition of Lancope by Cisco. In 2014, Herring partnered with veterans of the military, law enforcement and cybersecurity to research new approaches to improve the craft of cybersecurity operations. In 2016, that research resulted in the forming of WitFoo.
About Ryan Self
Ryan enjoys bringing a pragmatic approach to solving big problems in diverse domains. His career started in the US Navy in 1999, getting the opportunity to serve his country while also developing skills in the IT industry. From 2000-2004, he served aboard the aircraft carriers USS Theodore Roosevelt, USS Nimitz, and USS Ronald Reagan, as an early crew member during the latter’s construction (a “plank owner”). In 2004, he joined the Network Security Group at the Naval Postgraduate School in Monterey, CA. During that time, he developed a passion for computer programming and decided to make that his main avenue to contribute throughout the remainder of his career. After leaving active duty in 2007, Ryan attended the University of California, Santa Cruz, primarily studying the Mathematics and Philosophy of formal logic and language and their applications within Computer Science. Immediately following graduation in 2010, Ryan jumped headfirst into the startup world, joining Baynote, a perso