DevSecCon Boston

11-12 September 2017


Become a DevSecOps expert

DevSecCon is coming to Boston for the first time, to bring together DevOps and Security in a unique conference run by practitioners, for practitioners. Join us for two days filled with inspiring talks and interactive workshops about DevSecOps – the practice of building security into development processes. This is your chance to learn from key industry figures, meet with your peers and learn how DevOps and Security can work together to make continuously secure development a reality.


Security as code

Learn how to implement security in the overall development process – from the supply chain to the customer experience.


Expert speakers

DevSecCon features talks and workshops by leading figures in DevOps, Security and Development.


Industry insights

Find out about the latest DevSecOps technologies and innovations, and meet the companies behind them.


Interact & connect

Network with your peers in the DevSecOps community during free breakfast, lunch and networking drinks.


2017 Speakers

We’re happy to announce the first set of speakers for DevSecCon Boston! More speaker details will follow soon.
If you’re interested in submitting a proposal for a talk or workshop for DevSecCon Boston, we’d be happy to hear from you.

Caroline Wong

Vice President of Security Strategy, Cobalt

Katy Anton

Application Security Consultant, CA Technologies

Jeff Williams

Co-founder & CTO, Contrast Security

Peter Chestna

Director of Developer Engagement, Veracode

Talks and workshops

Here is a list of the confirmed sessions for DevSecCon Boston. More to come soon, watch this space!

Why does Security matter for DevOps?

Caroline Wong, Vice President of Security Strategy

Security does matter, and figuring out how to go about doing it can result in brain explosion. For example, the BSIMM has a list of 110+ security controls. What are the bare minimum security controls that should be in place for any DevOps organization?

There are 3 main reasons why security matters for DevOps.
Reason #1: Sales / Acquisition. A potential customer or acquirer wants to know what the company is doing about security.
Reason #2: Press. The company wants to avoid negative press headlines resulting from a security breach. Let’s think about this for a moment, though. Isn’t the reason any company cares about press because it doesn’t want bad press to affect their sales or potential acquisitions? (See: Verizon and Yahoo). So perhaps we’re back to just one reason – sales.
Reason #3: Compliance. The company needs to comply with PCI, HIPAA, or another requirement in order to do business or meet a customer requirement. Sounds familiar? A primary reason for compliance is to avoid slowing down… sales.
Remember when Bill Gates wrote that company-wide memo to all the employees at Microsoft talking about Trustworthy Computing? Was that for a noble cause? I suspect it was because Microsoft was starting to get questions about its security, and it didn’t want security issues to get in the way of… you guessed it, sales.

So if sales matters to companies, and security matters for sales, how does a company get started when it comes to “doing” security?

The Path of Secure Software

Katy Anton, Application Security Consultant

Cyber attacks are a real and growing threat to businesses and an increasing number of attacks take place at the application layer. The best defence is to develop applications where security is incorporated as part of the software development life cycle.

How can developers write more secure applications? What are the security techniques they can use while writing the software that will help them produce more secure applications?

This talk will present the main steps that will guide developers down the path of secure software. The presentation will describe each of the security controls that can be incorporated within the software development life cycle and will provide real world examples on how to solve some of the most prevalent security problems on the internet.

Recommended to all builders and security professionals interested in incorporating security techniques as part of the software development cycle and building more secure applications.

Turning Security into Code

Jeff Williams, Co-founder & CTO

Security is so frustrating. Why can’t they just tell us what they need in advance instead of pointing out our mistakes after the fact? Why can’t security work the same way as quality, performance, etc.? In this talk, Jeff will show you how to take control of security by turning it into code. He’ll provide real examples of how you can instrument your software for instant feedback on vulnerabilities during development and attacks in production — no scanning, no PDFs. He’ll also show how you can receive security alerts through the software toolchain you’re already using, just like any other kind of quality or performance issue. With continuous application security, you’ll fix issues early, before they get expensive. You’ll also be able to push code into production faster, without waiting for the security bottleneck. Security can be interesting and fun — let’s stop wrecking it!

From Rogue One to Rebel Alliance: Building Developers into Security Champions

Peter Chestna, Director of Developer Engagement

There just aren’t enough security experts to go around. You have to support the multitude of Agile and DevOps teams that are making production software changes anywhere from once a month to several times a day. The lack of resources coupled with the ever increasing responsibilities can make you feel like a rogue warrior in the battle against cybercrime. What’s a security professional to do? Whether you are a team of one or five, there aren’t enough hours in the day and even if there was more budget, good luck finding someone to fill that security role. What if I told you that through careful selection and good training it is possible to build your own army from the very people who own the development process?

Register now

Super Early Bird conference passes are now available, for a limited time only!
To register, please select your ticket type and complete your registration on Eventbrite.

Super Early Bird

$250 USD

  • 2-Day Pass
  • Access to all Talks and Workshops
  • Breakfast, Lunch, Refreshments
  • Networking Drinks

Early Bird

$350 USD

  • 2-Day Pass
  • Access to all Talks and Workshops
  • Breakfast, Lunch, Refreshments
  • Networking Drinks

Standard

$500 USD

  • 2-Day Pass
  • Access to all Talks and Workshops
  • Breakfast, Lunch, Refreshments
  • Networking Drinks

Where and when

11-12 Sept 2017 | The Exchange, Boston

DevSecCon Boston will take place on 11–12 September 2017 at the Exchange Conference Center, located in Boston’s historic Seaport District, just minutes from Logan Airport and downtown Boston (212 Northern Avenue, Boston, MA 02210).


Our sponsors

DevSecCon would not be possible without the generous support from our sponsors – a big thanks to all supporters, especially to our main sponsor Black Duck! If you’re interested in conference sponsorship opportunities, please get in touch.

Photos and videos

Here are some of the highlights from our previous DevSecCon London conferences, including highlight videos and the talk and workshop recordings from DevSecCon London 2016.