Are you asking developers to code to a higher security bar?
Are you getting increased pressure from auditors and customers to provide security evidence?
This discussion will leverage case studies of three companies that use a combination of commercial tools, home-grown code and open source tools to automate running static analysis, library analysis and other automated security tests.
Surescripts has successfully added security tools through a culture of permanent security advances.
- Security teams can learn the language of DevOps, such as throughput, stability and availability.
- You can work within your culture to achieve permanent change.
- You can grow an elite team with a mix of carefully selected tools.
About Robert Sullivan
Bob Sullivan is a security program leader and instructor. After programming for years in C, C++ and Java he started his career in IT Security.
Last year Bob had the chance to update security tools during a build pipeline upgrade. Bob has contributed to the OWASP WebGoat and Zed Attack Proxy (ZAP) projects. He has good experience in all phases of the software development lifecycle and most of the security domains.
He’s been educated at Wisconsin/Madison and St. Thomas/St. Paul and holds CISM, CISA, CISSP and CCSP certifications.