OWASP 2024 Global AppSec San Francisco

Despite the hype surrounding DevSecOps, the reality is starkly different: reported issues remain unresolved, SLAs are neglected, and the role of security champions is reduced to basic training sessions. 


This talk examines the shortcomings of the current DevSecOps maturity model and its failure to drive substantial improvements in security practices. We will discuss the cultural shifts needed to instill a security-first mindset, emphasizing the importance of guiding teams effectively. 


By empowering security champions with meaningful responsibilities and integrating advanced technologies for automated and proactive security measures, we can transform the theoretical promises of DevSecOps into a practical framework that genuinely addresses and fixes security vulnerabilities. 


Join us to explore actionable solutions and strategies for bridging the gap between DevSecOps hype and reality.