Pete Chestna has 25 years of experience in enterprise software development and has worked at Veracode for over 10 years. He discusses the evolution from waterfall to agile to DevOps approaches. With waterfall, quality tasks like security occurred late in the process and were unpredictable. Agile broke down silos but security initially remained separate. DevOps integrates security throughout by automating tasks, enabling zero downtime upgrades, and embedding security into definitions of done. The journey requires revolution at a micro level and evolution at a macro level through continuous improvement and empathy.
1. A Secure DevOps Journey
Pete Chestna, Director of Developer Engagement
2. About me
• Massachusetts born and raised
– Grew up in Milford, Graduated from WPI, live in Auburn
• 25 years experience in enterprise software development
• 10+ years at Veracode
– Individual contributor
– Director of Engineering
– Director of Developer Engagement
– Certified Scrum Master & Scrum Product Owner
– 2 trillion lines of code under my (Veracode’s) belt!
15. Agile – Security is not limited to automation!
• Security Champions
• Security Grooming (Requirements Review)
• Security as part of the Definition of Done
• Threat Modeling
• Secure Code Review
• Pen Testing
• Pre-Production Dynamic Analysis
22. This Is Our Journey
• Innovation
– Revolution at the micro level
– Evolution at the macro level
• Continuous Improvement
– Always constructively dissatisfied
– Hypothesize, prototype, measure
– Sharpen the saw
• Empathy
– We have been where our customers are going
– Project Purina
23. Thank You
www.veracode.com
Pete Chestna: @PeteChestna