Presentation: Speed The Right Way: Design and Security in Agile

Track: Security Transformation

Location: Whittle, 3rd flr.

Duration: 11:50am - 12:40pm

Day of week: Tuesday

This presentation is now available to view on InfoQ.com

Abstract

“Blame the programmer” was an emerging theme in the security breaches of the last year, placing coders and “their bugs” squarely in the security spotlight. But what is upstream of the implementation bugs causing these security issues? Application architecture and design. Effective application design is critical to application security. However, in many agile software groups, design and design processes are de-emphasized in favor of velocity metrics and developer productivity. The result is a perception of effectiveness that conceals a debt of security-related design flaws. By shifting security “left” (that is, earlier in the application development process), development teams become responsible for clearly communicating design choices that impact security to security stakeholders, or they risk costly rework.

In this talk, we will discuss the renewed focus on software design process and code complexity in software security. We will discuss specific breaches and how design decisions have contributed to those events. We will describe how design review can be modernized to help improve application security. And finally, we will discuss how to do design reviews right and elevate the quality of security design review conversations for technical and less-technical stakeholders.

Speaker: Kevin Gilpin

Enterprise Software Engineer

Kevin Gilpin is an enterprise software engineer with over 20 years of experience spanning various industries including healthcare, automotive, logistics, and life sciences. He was recently CTO of Conjur, then CyberArk Fellow following the acquisition of Conjur by CyberArk in 2017. He is a pioneer in the adoption of DevOps, cloud, and containers in the enterprise and is a founder of several open source security projects. He holds an MS in Aerospace Engineering from MIT and is an aviation enthusiast.

Tracks

  • Architectures You've Always Wondered About

    Hard-earned lessons from the names you know on scalability, reliability, security, and performance.

  • Machine Learning: The Latest Innovations

    AI and machine learning are more approachable than ever. Discover how ML, deep learning, and other modern approaches are being used in practice.

  • Kubernetes and Cloud Architectures

    Learn about cloud native architectural approaches from the leading industry experts who have operated Kubernetes and FaaS at scale, and explore the associated modern DevOps practices.

  • Evolving Java

    JVM futures, JIT directions and improvements to the runtime stack are the theme of this year’s JVM track.

  • Next Generation Microservices: Building Distributed Systems the Right Way

    Microservice-based applications are everywhere, but well-built distributed systems are not so common. Early adopters of microservices share their insights on how to design systems the right way.

  • Chaos and Resilience: Architecting for Success

    Making systems resilient involves people and tech. Learn about strategies being used, from cognitive systems engineering to chaos engineering.

  • The Future of the API: REST, gRPC, GraphQL and More

    The humble web-based API is evolving. This track provides the what, how, and why of future APIs.

  • Streaming Data Architectures

    Today's systems move huge volumes of data. Hear how the innovators in this space are designing systems and leveraging modern data stream processing platforms.

  • Modern Compilation Targets

    Learn about the innovation happening in the compilation target space. WebAssembly is only the tip of the iceberg.

  • Leaving the Ivory Tower: Modern CS Research in the Real World

    Thoughts pushing software forward, including consensus, CRDTs, formal methods and probabilistic programming.

  • Bare Knuckle Performance

    Crushing latency and getting the most out of your hardware.

  • Leading Distributed Teams

    Remote and distributed working are increasing in popularity, but many organisations underestimate the leadership challenges. Learn from those who are doing this effectively.

  • Full Cycle Developers: Lead the People, Manage the Process & Systems

    "Full cycle developers" is not just another catch phrase; it's about engineers taking ownership and delivering value, and doing so with the support of their entire organisation. Learn more from the pioneers.

  • JavaScript: Pushing the Client Beyond the Browser

    JavaScript is not just the language of the web. Join this track to learn how the innovators are pushing the boundaries of this classic language and ecosystem.

  • When Things Go Wrong: GDPR, Ethics, & Politics

    Privacy, confidentiality, safety and security: learning from the frontlines, from both good and bad experiences.

  • Growing Unicorns in the EU: Building, Leading and Scaling Financial Tech Start Ups

    Learn how EU FinTech innovators have designed, built, and led both their technologies and organisations.

  • Building High Performing Teams

    To have a high-performing team, everybody on it has to feel and act like an owner. Learn about cultivating culture, creating psychological safety, sharing the vision effectively, and more.

  • Scaling Security, from Device to Cloud

    Implementing effective security is vitally important, regardless of where you are deploying software applications.