TLC TV Episode 5: Accelerating the Developer-First Security Movement
Kicking off our first TLC TV episode of 2022, April saw us back at the Bristol studio once again, this time with our partners from Contrast Security to talk about accelerating the developer-first security movement.
While we are obviously huge supporters of virtual events, this time we had the absolute pleasure of being joined in person by Abhishek Vyas, Head of Security Consulting and Architecture at Aldermore Bank, as well as Larry Maccherone and Andrew Stickland, the Head of DevSecOps Transformation and the Director of Customer Success from Contrast Security. There was nothing quite like having these experts in the room and the conversation shows it! Our ever-charming host, Emmanuel Sonubi, was in his element and the discussion flowed effortlessly from how businesses can promote the developer-first security movement, to how Andrew was once mistaken for Paul Hollywood!
The conversation led us through the history of DevOps, how we got to where we are today, the current state of play, and how things might be improved in the future. A huge part of the challenge facing the developer-first security movement is the necessary culture change. Understanding the lifecycle of DevOps history was critical to presenting the challenges the developer-first movement is facing. Even the term DevSecOps was called into question; the Sec isn’t something to be awkwardly sandwiched in, as Larry put it:
One thing was clear to our panel, as well as to our front-row VIPs who joined the conversation virtually: DevOps and the developer-first movement is a long journey. We polled our virtual front-row on their businesses’ approach to DevSecOps and the results were illuminating.
The vast majority of the audience were on the path, but our panel were quick to point out that “we’re getting there” is a stage that never really ends; rather, it is continuously developing. Our panel were heartened, however, by the number of businesses that at least recognised the need for change and had embarked on embracing a developer-first posture.
The chord that resonated most with our panellists was that the developer-first movement doesn’t need to be as complicated as it seems. Ultimately, it’s just common sense. It’s easier to teach security to a developer than it is to teach a security engineer how to develop. The burden of security needs to sit with the people most able to affect the solution, and that’s the developers. The issue is that years of neglecting the obvious have given rise to cumbersome legacy security tooling and the culture and training issues we face today.
As the show wrapped up, we heard from our panel and front-row VIPs as they tackled questions such as ‘what cultural shifts do companies need to embrace to promote developer-first?’ and ‘what frictions and delays need to be eliminated?’ All in all, it was an incredibly fruitful conversation that had important takeaways for everyone, no matter where they are on the road to “getting there”.
The full episode is available here.