Peter Chestna
CISO of North America at Checkmarx
Auburn, Massachusetts, United States
Pete Chestna serves as the CISO of North America at Checkmarx, where he provides customers and prospects with practical advice for building successful application security programs. Bringing more than 15 years of direct AppSec practitioner experience, Pete has held roles ranging from developer and development leader to his most recent position as the Global Head of AppSec for the Bank of Montreal, where he was responsible for the security of thousands of applications.
Over his years as a software engineer and engineering leader, Pete has led organizational transformations from Waterfall to Agile to DevOps and from monolith to microservice architectures. He is certified as both a scrum master and product owner. Stemming from his experience as both an avid practitioner and consultant, Pete has spoken internationally at numerous prominent security and developer conferences including DevOpsDays, All Day DevOps, OWASP AppSec, and DevSecCon.
Pete has been granted 3 patents. He enjoys whiskey tourism, astronomy, model rocketry and listening to Rush in his spare time.
Topics
Cloud Engineering - Generation DevOps
Requirements on developers have shifted over the last 5 years. Team sizes are shrinking but responsibilities are growing with DevOps and accelerated SDLC. A developer must become fluent in software architecture, testing, deployment, telemetry, and even security. It is less about multi-layer and more about multi-discipline.
In this talk, Pete Chestna, CISO of North America for Checkmarx, will share updates to the insights that he first shared over 4 years ago. We will discuss how the opportunities and accountability afforded to developers need better support from employers and the vendor community. There will be practical advice to rise to the challenge.
What you will learn:
1. The change in responsibility and ownership that has occurred in application development
2. The gap that exists in the support system that is impacting your velocity
3. What developers and development leaders should do to better enable teams to succeed
What Stinks? How Developer Hygiene Impacts Security
Your personal hygiene habits can have a big impact on your life. Similarly, the way you and your team build software, aka professional hygiene, impacts your company and the quality and security of your work. Difficult problems are often solved by going back to basics. Join me to explore and discuss.
Is deploying secure code to production an unnatural act or second nature?
Have we built the right muscles to react and update our applications quickly?
Most of the code in modern applications is made up of open-source components. This allows devs to focus on value-generating features and not on scaffolding and foundations. That doesn’t mean you should ignore it though. The challenge is that Open Source is not free like a lunch. It’s free like a puppy. To compound this problem, the rise of the malicious coder has made cyber attacks easier to perpetrate and harder to detect. Attacks on the OSS ecosystem and supply chain have exploded in recent years. CVEs, while still important, have become table stakes. The need for strong risk telemetry related to our open-source usage is now a critical control in Application Security.
This talk will walk through our current mismanagement of open source and how our hygiene habits impact our ability to manage and react to problems in the supply chain.
What you will learn:
• What the vulnerability landscape looks like currently
• The factors from both security and development that are contributing to the problem
• Concrete steps to take to get better
Feedback: You don’t need to be bad to get better
In DevOps, feedback is essential. Without it we do not know whether we are getting better or worse. As human beings, our guard goes up and we get defensive when we receive anything but positive feedback. In order to successfully incorporate feedback, we must change our culture. Let’s discuss how.
When coaching my three daughters and their soccer teams for over 15 years, I started each season with a discussion about my philosophy about feedback. My mantra is that you don’t need to be bad to get better. I am coaching you not because I think you’re terrible but because I see true potential in you and I want you to be better. I carry that into my professional life and the relationships with my coworkers and my teams.
We are not good at feedback, both giving and receiving. It can be uncomfortable to hear that you could have done better. It is awkward to give direct and honest feedback when the message is “you did not meet my expectations.” Usually the receiver is left feeling inadequate. The truth is that we need to change our culture such that feedback becomes a gift. A gift that is given to someone that we care about. A gift that is received from someone that we respect.
Whether the feedback is verbal or written, from a person 1:1, from your teammates during a retrospective or information from your tools or pipelines, it should be embraced for your journey of continuous improvement. It is mandatory for a learning organization. It is imperative for Agile and DevOps! There are some important guidelines that should be followed for this to be successful and I will go into them in depth.
Let’s change our attitudes about feedback and embrace the learning!