You are viewing content from a past/completed QCon

Presentation: Speed The Right Way: Design and Security in Agile

Track: Security Transformation

Location: Whittle, 3rd flr.

Duration: 11:50am - 12:40pm

Day of week: Tuesday


“Blame the programmer” was an emerging theme in the security breaches of the last year, placing coders and “their bugs” squarely in the security spotlight. But what lies upstream of the implementation bugs causing these security issues? Application architecture and design. Effective application design is critical to application security. However, in many agile software groups, design and design processes are de-emphasized in favor of velocity metrics and developer productivity. The result is a perception of effectiveness that conceals a debt of security-related design flaws. With security shifted “left” (a.k.a. earlier in the application development process), development teams are responsible for clear communication of design choices that impact security to security stakeholders, or they risk costly rework.


In this talk, we will discuss the renewed focus on software design process and code complexity in software security. We will discuss specific breaches and how design decisions have contributed to those events. We will describe how design review can be modernized to help improve application security. And finally, we will discuss how to do design reviews right and elevate the quality of security design review conversations for technical and less-technical stakeholders.

Speaker: Kevin Gilpin

Enterprise Software Engineer

Kevin Gilpin is an enterprise software engineer with over 20 years of experience spanning various industries including healthcare, automotive, logistics, and life sciences. He was recently CTO of Conjur, then CyberArk Fellow following the acquisition of Conjur by CyberArk in 2017. He is a pioneer in the adoption of DevOps, cloud, and containers in the enterprise and is a founder of several open source security projects. He holds an MS in Aerospace Engineering from MIT and is an aviation enthusiast.
