Secure Development for Snake People – Leigh/Ari of Slack – Duo Tech Talk
Startups hear the word “process” and freak out – shipping code every day isn’t optional. What if you could build a secure development process that accelerated development, instead of slowing it down? At Slack, we have – allowing our small team to distribute security work to developers, and building up their security skills from intern to senior engineer. We’ll talk through the tools and processes we built – a flexible framework including a lightweight self-service assessment tool, a checklist generator, and most importantly a chat-based process that meets people where they are already working. Together, these encourage security thinking in the tools developers already spend their time in – allowing us to effortlessly document people’s thought processes around risk. By empowering developers to think about security themselves and incorporate secure practices into their own teams and workflows, we’ve defeated the fear of the checkbox and replaced it with new tooling and process that teams actually want to work with.
Ari Rubinstein has worked in multiple roles across the security industry including leading the Red Team at Salesforce, developing a Product Security program at Heroku, and now runs the Product Security group at Slack focusing on proactive identification, automation, and education programs. He enjoys participating in numerous bug bounties in his free time and has a special interest in Web Application Security. Ari has advised on security topics for multiple startups and has a Master of Science from Carnegie Mellon University.
Leigh leads the security incident response team at Slack. Prior to Slack, she worked at Salesforce, Microsoft, and Symantec. She has co-founded two hackerspaces, and is an advisor to several nonprofits and startups. Leigh has a Bachelor of Science from the University of Toronto where she majored in Computer Science and Equity Studies.
via YouTube https://youtu.be/eBwluaTaenI