While security teams still struggle to understand DevOps, development teams live their dream of freedom within this developer-centric environment. But with freedom comes responsibility. As a team you are responsible for your applications, from cradle to grave. You choose your tools to build, test and deploy. Security tries to keep up and keeps pushing security in; we have heard it all: DevSecOps and shift left, shift right, shift everywhere. Regardless, whatever you do, in the end it is your code, your responsibility! Responsibilities require abilities. This talk will remove 'finger pointing', blaming and shaming, and replace them with common sense and best practices regarding responsibilities and abilities for professional software development, the DevOps way.
Martin Knobloch, Global AppSec Strategist with Fortify, part of OpenText, is a long-time security leader with more than 25 years of experience in the field of IT and more than 15 in cyber security. With a background in software development and architecture, his focus is on software security. Martin is actively involved in OWASP, where he is a frequent contributor to various projects and initiatives. Martin takes part in organizing local and global OWASP conferences and served more than 5 years as a member of the Board of Directors, two of them as Chairman of the Board. During his career, Martin has been a recognized teacher, a guest lecturer at various universities, and an invited speaker and trainer at local and international software development, testing and security conferences throughout the world.