AWS re:Invent 2022 - Dev-first security: From code to cloud, and back to code (PRT291)

Title

AWS re:Invent 2022 - Dev-first security: From code to cloud, and back to code (PRT291)

Summary

  • Ravi Myra from Snyk discusses the importance of Dev-first security in modern application development.
  • The talk highlights the challenges of scaling security with the growing number of developers versus the limited number of security professionals.
  • The session covers the shift from traditional security models to Dev-first security, emphasizing the role of developers in securing their code.
  • Four key steps to move towards a Dev-first security practice are outlined:
    1. Changing the ownership model to make developers responsible for security.
    2. Designing security programs that work for developers.
    3. Ensuring a comprehensive approach that covers the whole path from code to cloud, and feeds findings from the running cloud environment back to the code that caused them.
    4. Scaling security teams by identifying and empowering security champions within the development teams.
  • Omar Pirzada from Neiman Marcus shares his company's experience with cloud migration and implementing Dev-first security practices.
  • The talk concludes with insights on integrating security into the development process and leveraging AWS services and Snyk's offerings.

Insights

  • The ratio of developers to security professionals is heavily skewed, so a model in which the security team reviews everything cannot scale; the alternative is to equip developers to secure their own code.
  • Dev-first security is not just about shifting security left in the development process; it changes who owns security (the developer) and how it is delivered (in the developer's own tools and workflow).
  • The concept of Dev-first security is rooted in the idea that developers are the first line of defense and should be equipped with the right tools and knowledge to secure their applications.
  • Neiman Marcus's journey to the cloud and adoption of Dev-first security practices highlights the importance of starting with basic cyber hygiene and gradually integrating security tools like Snyk into the development process.
  • The discussion with Omar Pirzada emphasizes the need for a risk-based approach to security, focusing on the most critical vulnerabilities and empowering developers to take ownership of security.
  • The integration of security tools into existing developer workflows and the use of AWS services can streamline the adoption of Dev-first security practices.
  • Snyk's free tier for individual developers and its integration with AWS services, including Amazon Inspector, are presented as evidence of the company's focus on making security accessible and developer-friendly.