In our next Duo Tech Talk hosted on the West Coast, Slack security team members Leigh Honeywell and Ari Rubinstein will talk about how they've designed security processes to both work effectively in a high-growth organization and fit the way that developers like to operate.
Date:Tuesday, January 24, 2017
Time:6:00pm Pacific Standard Time
Venue:DG 717 (Digital Garage)
Address:717 Market St., San Francisco, CA
Ari Rubinstein has worked in multiple roles across the security industry including leading the Red Team at Salesforce, developing a Product Security program at Heroku, and now runs the Product Security group at Slack focusing on proactive identification, automation, and education programs. He enjoys participating in numerous bug bounties in his free time and has a special interest in Web Application Security. Ari has advised on security topics for multiple startups and has a Masters of Science from Carnegie Mellon University.
Leigh leads the security incident response team at Slack. Prior to Slack, she worked at Salesforce, Microsoft, and Symantec. She has co-founded two hackerspaces, and is an advisor to several nonprofits and startups. Leigh has a Bachelors of Science from the University of Toronto where she majored in Computer Science and Equity Studies.
About Duo Tech Talks
Duo Tech Talks is a monthly speaker series covering security and technology topics ranging across the spectrum of computer science and technology, including software engineering, hardware hacking, user experience design, cloud computing, programming languages, computer security, and more!
Secure Development for Snake People
Startups hear the word “process" and freak out - shipping code every day isn't optional. What if you could build a secure development process that accelerated development, instead of slowing it down? At Slack, we have - allowing our small team to distribute security work to developers, and building up their security skills from intern to senior engineer. We'll talk through the tools and processes we built - a flexible framework including a lightweight self-service assessment tool, a checklist generator, and most importantly a chat-based process that meets people where they are already working.
Together, these encourage security thinking in the tools developers already spend their time in - allowing us to effortlessly document people's thought processes around risk. By empowering developers to think about security themselves and incorporate secure practices into their own teams and workflows, we've defeated the fear of the checkbox and replaced it with new tooling and process that teams actually want to work with.