To truly empower developers to find and fix vulnerabilities within their code, it's simply not enough for security teams to shift security tools even further left. If the tool still requires developers to interrupt their workflow to perform security-related tasks, it adds cognitive load. Developers often don’t have the time or resources to add another task to their already full plates.

This session talks about the 4 Key Principles of a Dev First Security Program:

1. Change in ownership
2. Designing for the developers
3. Bringing the cloud into appsec
4. Developing your champions