OWASP 2022 Global AppSec San Francisco has ended
Global AppSec San Francisco returns November 14-18.

Designed for private and public sector infosec professionals, the two-day OWASP conferences equip developers, defenders, and advocates to build a more secure web. We are offering educational 1-day, 2-day, and 3-day training courses on November 14-16.

Join us for leading application security technologies, speakers, prospects, and the community, in a unique event that will build on everything you already know to expect from an OWASP Global Conference.
Back To Schedule
Friday, November 18 • 10:30am - 11:30am
The Work to Not Work: The Manual Labor of Automation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Make no mistake, secure development relies on automation. In a DevSecOps culture, having scalable, reliable tools and processes are the only way to make DevSecOps a reality. Creativity and technical chops are lauded for their ability to bring magic from the machines. However, is anyone in charge of making sure that your organization is automating the right things? How much attention is being paid towards supporting that automation across an Enterprise? The security is baked in, right? It may just be possible to focus so heavily on automation and tools that disparate teams lose sight of the bigger picture.

This talk discusses the pitfall that many organizations trip into all too readily. By focusing forcefully or narrowly on automation, an organization can find itself creating technical debt, waste, and classically unsupportable support systems. We utilize two real-world case studies to clearly demonstrate classic automation problems and propose functional solutions. Audiences will come away with data-driven DevSecOps security management techniques as well as how to recognize and accept the trade-offs in a secure DevSecOps culture. This includes how to avoid creating new, unintended, invisible stove-pipe problems, drawing from our 25+ years of experience in the military and commercial spaces. Finally, we explore methods to find these opportunities, track meaningful metrics, and recognize when you’ve fallen over the edge.

avatar for Joshua Bregler

Joshua Bregler

Head of Information Security, McKinsey & Company
Joshua Bregler is the Head of Information Security for McKinsey Digital at McKinsey & Company. Prior to McKinsey, Josh was the DoD Security Architect at Amazon Web Services (AWS). Prior to AWS, Josh was the Principal Cloud Assessor for Air Force Weapons and C2 Systems. As a Marine... Read More →
avatar for Corbin Moyer

Corbin Moyer

Principle DevSecOps Architect, Beyond Mission Capable Solutions, LLC
Corbin is the Principle DevSecOps Architect for Beyond Mission Capable Solutions, LLC. He is responsible for creating sustainable Enterprise-wide processes for Government and Industry DevSecOps organizations. Prior to being an Architect, he was a Senior Software Security analyst for... Read More →

Friday November 18, 2022 10:30am - 11:30am PST
Bayview A