Craig Dent
Senior Solutions Engineer - Snyk APJ
Sydney, Australia
Actions
Craig Dent works as a Senior Solutions Engineer for Snyk APJ, helping developers adopt cloud native technologies, while empowering them to stay secure.
He has 20+ years of experience working in senior presales, customer success and solutions architecture roles with global software vendors and start-ups, both proprietary and open source, delivering on-premise and cloud-based solutions. He provides technical and strategic advice with regard to security for public cloud, code, open source, IaC and container.
Links
Area of Expertise
Topics
Can we (really) trust Developers to handle security?
To truly empower developers to find and fix vulnerabilities within their code, it's simply not enough for security teams to shift security tools even further left. If the tool still requires developers to interrupt their workflow to perform security-related tasks, it adds cognitive load. Developers often don’t have the time or resources to add another task to their already full plates.
This session talks about the 4 Key Principles of a Dev First Security Program:
1. Change in ownership
2. Designing for the developers
3. Bringing the cloud into appsec
4. Developing your champions
Policy at the Core: Infusing DevOps with Security
Policy as Code in DevSecOps is about treating security and compliance policies with the same level of automation, integration, and version control as application code.
Agenda:
- Background
- What are we trying to solve?
- Application + Cloud Vulnerabilities
- Conftest - Strategy at scale
- Putting it into practice
- Q & A
Unsolved Problems in Application Security
The discipline of AppSec has evolved tremendously since the founding of OWASP in 2001. As software development methodologies have advanced, AppSec has struggled to keep pace with innovation.
Some foundational issues, like reliable SCA, have now been solved by the industry. But certain thorny problems, like software attestation, risk-based prioritization, SAST accuracy, and DAST correlation, remain elusive.
Join our session for a discussion of the current state of application risk management and the unsolved issues that still limit the full potential of developer-focused security.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top