Here is a list of all the content that has been tagged as workshop.
Few organisations understand the secrets of shifting the focus on security from late in the software development life-cycle to within the Development Team.
Not only does this significantly reduce the number of security defects being pushed to your production systems, but also significantly reduces the total cost of development.
Cheapest place to deal with defects There have been many studies specifically looking at the costs of finding and fixing defects early, as opposed to the planning of how to fix defects once the product is delivered, or not planning at all.
Kim will explain the roles of ’T’ shaped professionals, including placement of security champions to create your purple Development Teams.
We will work through how to implement the Sensible Security Model (SSM) within each and every Sprint, including:
Creating actionable countermeasure Product Backlog Items Integrating them into the same Product Backlog that your Development Team has been pulling business focussed items from Ordering them based on the risk ratings you create for each Kim will discuss how and where Agile Development Teams often fail, along with how to succeed with security with a familiar anecdote.
Kim will then discuss and demo a set of light weight processes, practises and tools, that when combined have proven their value in:
Aiding high throughput (reducing time to market) Significantly increasing quality (finding and removing bugs) Without de-scoping and all while reducing total project cost (fact). If this sounds like breaking the laws of physics, or too good to be true, then this workshop is for you.
The content is aimed at software engineers to teach them how to think holistically about security. The theme that runs through the training, and the book, is pulling the security focus that’s usually left until the end of the project or “go live” right into each Sprint. Baking security into the product from the cheapest possible place. Thus saving large amounts of money due to re-work and business asset loss. Kim will be teaching attendees a very simple threat modelling process initially blue printed by one of the best security experts the world has known, Bruce Schneier, then how to apply that process to a 10,000′ view and lower for a collection of areas:
Kim Carter has developed a strong track record as a technology architect and information security professional over 15 years. He is a Chapter Leader of the Open Web Application Security Project (OWASP) NZ and a Certified Scrum Master. Kim enjoys facilitating and motivating cross-functional, self-managing teams. You’ll find the insights from Kim’s talk in his new book, Holistic Infosec for Web Developers.
NodeConf gives you unparalleled access to top thought leaders like Kim Carter.