Session Name: What Product Security Really Means - From Theory to Practice
We often hear the words security, application security, and product security tossed around - but what does this really mean in practice? When we think about how we embed product security from the early stages of design, what do we really need to look at to get it right? If we take a look at today's products they are comprised of several layers of application and business logic, each layer has its own set of considerations and controls for applying and embedding product security. This talk will focus on the different engineering layers of today's products - the infrastructure, runtime, code, pipelines, and third-party application integrations, as well as the peripheral business and security operations. With these layers in mind it is most certainly possible to apply security controls based on highly recommended open source projects that every developer should know about. This talk will walk you through which tools are right for which job, and good ways to automate security from your very first line of code.
Currently CPO and Co-Founder of Jit, the Continuous Security Platform for Developers. Aviram is a software engineer at heart that moved to the "dark side" of Product Management. Aviram has more than 20 years of hands-on experience in engineering and has held senior managerial roles in both engineering and product management organizations, working for leading organizations such as CyberArk & SentinelOne. He always strives to create great products that users love. Thanks to his engineering background, Aviram is on a constant journey to create high-velocity product and engineering teams that work together as one team. Aviram holds B.Sc & M.Sc in Computer Engineering, MBA and MA in Law.