Presentation: Speed The Right Way: Design and Security in Agile

Track: Security Transformation

Location: Whittle, 3rd flr.

Duration: 11:50am - 12:40pm

Day of week: Tuesday

Abstract

“Blame the programmer” was an emerging theme in the security breaches of the last year, placing coders and “their bugs” squarely in the security spotlight. But what is upstream of the implementation bugs causing these security issues? Application architecture and design. Effective application design is critical to application security. However, in many agile software groups, design and design processes are de-emphasized in favor of velocity metrics and developer productivity. The result is a perception of effectiveness that conceals a debt of security-related design flaws. By shifting security “left” (a.k.a. earlier in the application development process), development teams are responsible for clear communication of design choices that impact security to security stakeholders, or risk costly rework.
 
In this talk, we will discuss the renewed focus on software design process and code complexity in software security. We will discuss specific breaches and how design decisions have contributed to those events. We will describe how design review can be modernized to help improve application security. And finally, we will discuss how to do design reviews right and elevate the quality of security design review conversations for technical and less-technical stakeholders.

Speaker: Elizabeth Lawler

Co-Founder at XX Angels

Elizabeth Lawler is currently a founder at App.Land and an angel investor at XXAngels, a firm which focuses on supporting women entrepreneurs in the earliest stages of startup formation. She was recently Vice President, DevOps Security at CyberArk, responsible for CyberArk’s DevOps business strategy and execution. Prior to CyberArk, Lawler was CEO and co-founder of Conjur, a DevOps security company (acq. by CyberArk). Lawler has over 20 years of experience working in highly regulated and sensitive data environments. Prior to founding Conjur, Elizabeth was Chief Data Officer of Generation Health (acq. CVS Caremark). Before entrepreneurship, Lawler held leadership positions in research at the Department of Veterans Affairs. She holds a doctorate in Epidemiology from Boston University. She is a programmer, a mom, and is active in her community assisting various non-profits.
