Soo, it’s been my first talk about #DevSecOps at such a scale and it’s been a fantastic experience. It was even better when a couple of encouraged attendees reached out to me and said they’ll try it out at their companies and get their hands dirty in security engineering.
That’s the beauty of it all. Not only are you given a chance to have a ton of fun while presenting and interacting with the community, but you can also have an actual, tangible effect on the way the audience and companies do things.
Key take-aways from this talk:
- What is a culture of DevSecOps and how do you implement one in your company for better productivity and lower friction between departments
- The need for automated and agile security testing is a fact, not a wonder anymore
- Software engineers and SysAdmins should be as close to security as possible
- External security teams and on-demand penetration testing alone hardly scale and aren’t the most cost-effective approaches
- Why each organisation needs internal security processes AND penetration tests AND bug bounty programs
- What tools can be used to get yourself started
Thank you all for the wonderful experience and the support I’ve received. All the best, and let’s keep on grinding!