The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County, San Diego, SF Bay Area, and the Inland Empire chapters to bring you the FIFTH Annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.

One and Two-day training sessions on various subjects by expert trainers kick off the conference on January 28th. World renown speakers follow on days three and four.

There will be four concurrent tracks throughout the day on both January 30 and 31, addressing a variety of topics to enhance knowledge.

Back To Schedule
Wednesday, January 31 • 3:00pm - 3:50pm
We Come Bearing Gifts: Enabling Product Security with Culture and Cloud

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Abstract :
What would it look like if security never had to say “no”?

This talk explores that counter-intuitive premise, and shows how it is not just possible but *necessary* to discard many traditional security behaviors in order to support modern high-velocity, cloud-centric engineering teams. For the product security team at Netflix, this is the logical implication of a cultural commitment to enabling the organization.

Attendees will learn how to replace heavy-handed gating with an automation-first approach, and build powerful security capabilities on top of cloud deployment primitives. Specific examples including provable application identity, immutable and continuous deployment, and secret bootstrapping illustrate how this approach balances security impact with engineering enablement.

avatar for Astha Singhal

Astha Singhal

Application Security Lead, Netflix
Astha Singhal currently leads the Application Security team at Netflix. Prior to this, she managed the Salesforce AppExchange Security Review as a Senior Manager on Product Security. She is a security engineer by qualification who is passionate about proactive security and developer... Read More →
avatar for Patrick Thomas

Patrick Thomas

Senior Application Security Engineer, Netflix
Patrick Thomas is a professional breaker of software with a tremendous amount of love for the builders. He started as a developer, spent years as a penetration tester, and has now found a home in the middle improving appsec as a Senior Application Security Engineer at Netflix. He... Read More →

Wednesday January 31, 2018 3:00pm - 3:50pm PST
Club Room