INTERFACE by apidays 2023 - The New Developer Dance, Grace Francisco, Pangea

Transcript

1. The New Developer Dance GRACE FRANCISCO | CMO & Head

   of Developer Relations
2. None

3. Hello! Let’s dance!!! 80s ©2023 Grace Francisco @gracefr @pangeacyber

4. Shift Left, Shift Left, Slide Right 80s ©2023 Grace Francisco

   @gracefr @pangeacyber
5. None

6. Hi, I’m Grace Francisco Started my career as a software

   engineer at Lotus for IBM Became a developer evangelist for first-ever offering of Microsoft enterprise developer suite. Led developer relations for a variety of different companies across enterprise, fintech, consumer and gaming industries CMO and Head of DevRel for first Security Platform as a Service (SPaaS) for developers

7. The New Developer Dance Production SHIFT LEFT OF LEFT =

   CODE! Security! Design Development Integration Testing Staging Security! Security! SHIFT LEFT = MONITORING AND TESTING

8. Happy Day in the Life of a Developer @gracefr @pangeacyber

9. How many of you have had to deal with a

   security issue? Padlocks ©2023 Grace Francisco @gracefr @pangeacyber

10. Software development is still ignoring security. That needs to change

    fast.

11. Bad software cost US businesses $2.41 trillion in 2022

12. How many of you submitted code that might not be

    secure? Church ©2023 Grace Francisco @gracefr @pangeacyber

13. Do you think that you leave vulnerabilities in your code?

    48% Yes 33% No 33% It depends on the project 67% of developers admit to shipping code with vulnerabilities Source: Secure Code Warrior - The challenges (and opportunities)to improve software security (2023)

14. It’s not going to happen to me! Hackers are getting

    faster at exploiting zero-day flaws.

15. Have you dealt with PII? Crown Jewels ©2023 Grace Francisco

    @gracefr @pangeacyber

16. Have you dealt with GDPR? Crown Jewels ©2023 Grace Francisco

    @gracefr @pangeacyber

17. Personal impact of Data Breach Financial, reputational, health, and safety

18. Fast food held hostage Jan 18

19. Ransomware trends With the ransomware being contained to a third

    of Yum! Brands UK outlets and the downtime being limited to 1 day – Yum! Brands have done relatively well recovering. The average amount of downtime for organizations when hit by Ransomware is approximately 24 days. Although the unnamed threat actors stole the company’s data, Yum! believes that at this stage, there is no evidence that customer databases were stolen.” “ MORTEN GAMMELGARD EVP, EMEA at BullWall

20. 83 days later…

21. MTTR = 58 Days!

22. Colonial Pipeline Ransomware Attack – May 2021

23. Colonial Pipeline Disruption–U.S. East Coast

24. Imagine Colonial Pipeline Disaster in Winter

25. A 'Worst Nightmare' Cyberattack: The Untold Story Of The SolarWinds

    Hack

26. Nightmare before Christmas: What to know about Log4j vulnerability

27. Sad Days @gracefr @pangeacyber

28. Cybersecurity Landscape

29. None

30. According to ChatGPT In 2021, it is likely that there

    were thousands of different cybersecurity solutions available to detect software flaws. These solutions could include vulnerability scanners, intrusion detection systems, network security solutions, and more.” “

31. ChatGPT writing about ChatGPT’s Security Concerns

32. @gracefr @pangeacyber "Drowning In Bricks" by Walter Benson is licensed

    under CC BY-SA 2.0.

33. @gracefr @pangeacyber Bugatti ©2023 Grace Francisco

34. Cybersecurity & Infrastructure Security Agency Consumer safety must be front

    and center in all phases of technology product lifecycle–with security designed in from the beginning.” “ JEN EASTERLY Director, Cybersecurity & Infrastructure Security Agency

35. Secure by Design Principles Companies, of course, are working towards

    building secure products, but [are they] really thinking about how they take true ownership of the security outcomes of their customers,” Bob Lord, senior technical advisor at CISA, told Cybersecurity Dive in an interview. “It’s a mindset change that will need to trickle down throughout the entire organization.” “ Source: https://www.cybersecuritydive.com/news/software-debate-cisa-security/647698/

36. Consider this • Educate and continuously learn - use solutions

    like Secure Code Warrior • Lead the Culture Shift ◦ Make security top of mind for you and your fellow devs ◦ “Security is Safety” - Jen Easterly ◦ Learn through every retro and incident response ◦ Women are especially suited for this

37. Consider this • Use solutions throughout the development cycle but

    especially the beginning ◦ Design with security in mind ◦ Start with practice in code ◦ Meet developers where they are with solutions like Pangea which enables security functionality in code through API calls

38. Start Delivering Secure User Experiences • Pangea.cloud is free to

    start • Join us on our Slack channel for any q’s

39. Remember to Dance! Shift Left, Shift Left, Slide Right 80s

    ©2023 Grace Francisco @gracefr @pangeacyber

40. The New Developer Dance Shift Left Continuously monitor and test

    for threats Shift Left of Left Secure by Design Secure by Default Slide Right Coding Groove 80s ©2023 Grace Francisco @gracefr @pangeacyber

41. Thank You!

42. None