If there’s only enough budget to send a few devs to one AppSec conference for the year, which one would you go with? Which conference would likely be most valuable to level up DevSecOps at your org?
Sort By:
Oldest
Associate Director, IT Risk Management2 months ago
Blackhat or DEFCON ... focus on different aspects of the cybersecurity landscape with more security in-depth technical training and presentations. This can help to broader devs perspectives of the concerns and trends among security practicionersVP Cybersecurity in Banking2 months ago
I wouldn't send any of them to any conferences. I would use the money to bring in an outside expert in AppSec and do a 1 day internal training session with the entire Dev team. I would look use existing bugs / vulns from our tracking system and then walk through the security issues with the entire Dev looking and using it as a teaching moment with a code base that the devs are familiar with. I've done this previously and it had tremendous impact.Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech2 months ago
FREE ADDO ( All Day DevOps) virtual conference is a yearly event. This year it is October 10, 2024 https://www.alldaydevops.com/ Operations VP, Information Technology in Healthcare and Biotech2 months ago
It is my understanding that OWASP is the pinnacle of AppSec groups and might suggest one of their events. They also hold regional chapters similar to HIMSS. OWASP Global & Regional Events | OWASP Foundation - https://owasp.org/events/
DevOpsCon could also be a consideration.
Security & DevSecOps - DevOps Conference & Camps - https://devopscon.io/devsecops/
For training, SANS offers a course and if we are looking to get someone in I have credits available.
SEC540: Cloud Security DevSecOps Training | Cloud Application Security Course | SANS Institute
https://www.sans.org/cyber-security-courses/cloud-security-devsecops-automation/
It does not appear that Gartner themselves hold a conference with a DevSecOps learning path.