Hi all! Michigan is freezing, so we're taking Duo Tech Talks from the Best Coast to the West Coast with our next talk in San Francisco.
Leigh Honeywell and Fikrie Yunaz will repping the Slack security team and will talk about how they've designed security processes to work effectively in a crazy-high-growth organization, that fit the way that the developers actually like to operate.
Food, beer, and mingling will start at 6:00pm PST. See you there!
Secure Development for Snake People
Startups hear the word “process" and freak out - shipping code every day isn't optional. What if you could build a secure development process that accelerated development, instead of slowing it down? At Slack, we have - allowing our small team to distribute security work to developers, and building up their security skills from intern to senior engineer. We'll talk through the tools and processes we built - a flexible framework including a lightweight self-service assessment tool, a checklist generator, and most importantly a chat-based process that meets people where they are already working. Together, these encourage security thinking in the tools developers already spend their time in - allowing us to effortlessly document people's thought processes around risk. By empowering developers to think about security themselves and incorporate secure practices into their own teams and workflows, we've defeated the fear of the checkbox and replaced it with new tooling and process that teams actually want to work with.
Leigh leads the security incident response team at Slack. Prior to Slack, she worked at Salesforce, Microsoft, and Symantec. She has co-founded two hackerspaces, and is an advisor to several nonprofits and startups. Leigh has a Bachelors of Science from the University of Toronto where she majored in Computer Science and Equity Studies.
Fikrie Yunaz is a Staff Product Security Engineer at Slack. He is a security enthusiast and loves breaking web applications. He specializes in the area of application security. He was previously a Security Engineer at Oracle. He holds a MS in Security Informatics from Johns Hopkins University.
Livestream on youtube: https://duo.sc/techtalk-jan-2017
Claim the event and start manage its content.I am the organizer