Lessons Learned from the DevSecOps Trenches

Explore insights from a panel discussion featuring senior security team members from Dropbox, Netflix, Datadog, DocuSign, and Signal Sciences as they share lessons learned from scaling AppSec programs in DevSecOps environments. Gain practical advice on high-ROI security engineering efforts, effective tools and processes, common pitfalls, and actionable strategies to immediately improve your organization's security posture. Learn how to balance rapid development cycles with robust security measures, automate security processes, foster developer adoption, and align security interests with business goals. Discover the importance of communication, team structure, and strategic role placement in building successful security programs.

Introduction
Introductions
How are security teams structured
Doug DePerry
Clint Gibbler
Poll
Code Blocks
Customizing Checks
Static Analysis
Adoption
Partner
grep vs static analysis
Failures
What didnt work
Vendor Questionnaire
Netflix Talks
Mike Talks
Analysis Paralysis
Security Automation
Wrapper Libraries
Dont Scale
Getting Adoption
Processes
Solutions
Aligning interests
Put people in right roles
Communication helps
Healthy attrition
Unique to security
Alumni
Netflix
Data Security
Advice
Automate
Developer Productivity
Dont Overthink