BSidesSF 2018 - The SecDevOpronomicon (Clint Gibler)

BSidesSF · 2018 · 29:04 · 113 views · Published 2018-04
Category: Technical
Style: Talk
About this talk
Clint Gibler - The SecDevOpronomicon - Arcane Secrets for Scaling your Company’s Security

In Victorian San Francisco, we provision fleets of servers with Chef or Puppet and push new code to production dozens of times a day, our laptops illuminated by candle light and backlit MacBook keyboards. You twirl your LED monocle and focus your attention once more on your most pressing challenge: how can you scale your company’s security efforts given the rapid pace of development with a security team outnumbered by developers 100 to 1 or more?

Fear not, for I have studied countless blog posts, white papers, and conference talks the world over to aggregate and summarize their content. Further, I’ve met with security practitioners at companies ranging from startups to large enterprises to discuss their arcane practices in detail - what they’ve tried, what works, and what didn’t.

Join us for an unfiltered, un-hands washed discussion of the current state of the art in SecDevOps, from publicly discussed content to pro-tips from in-person discussions with security engineers at numerous Bay Area companies. Topics will include: high value engineering efforts to solve classes of bugs, high-signal ways to use custom static and dynamic analyses, hooking into the CI/CD pipeline to find potential dangers quickly and reduce risk, and much more.