Flowcon SF 2014, September 3-4 San Francisco, California
Leigh Honeywell, TweetPlatform Security Engineer, Heroku
Biography: Leigh Honeywell
Leigh is a Security Engineer at Heroku, a Salesforce.com company. Prior to Heroku, she worked at Microsoft, MessageLabs/Symantec, and Bell Canada. Her career has included everything from stringing cable and building phone systems to responding to some of the most critical computer security incidents in industry history, shipping software to a billion people, and protecting infrastructure running a million apps.
Her community work includes founding the HackLabTO hackerspace in Toronto, Canada, and the first feminist hackerspace, the Seattle Attic Community Workshop, as well as advising countless others and speaking about hackerspace cultures, collaboration, and open source software. She is now a member of the Double Union women's hackerspace in San Francisco. She is an administrator of the Geek Feminism wiki and blog, and adviser to the Ada Initiative, and the SECTor security conference in Toronto. Leigh has a Bachelors of Science from the University of Toronto where she majored in Computer Science and Equity Studies.
Her community work includes founding the HackLabTO hackerspace in Toronto, Canada, and the first feminist hackerspace, the Seattle Attic Community Workshop, as well as advising countless others and speaking about hackerspace cultures, collaboration, and open source software. She is now a member of the Double Union women's hackerspace in San Francisco. She is an administrator of the Geek Feminism wiki and blog, and adviser to the Ada Initiative, and the SECTor security conference in Toronto. Leigh has a Bachelors of Science from the University of Toronto where she majored in Computer Science and Equity Studies.
Twitter: @hypatiadotca
Presentation: TweetBuilding Secure Cultures
Time:
Wednesday 11:15 - 11:45
/
Location:
Metropolitan 1
In a continuous delivery world, monolithic checkpoint-constrained secure development processes are impractical. In this talk, I will share my experience of going from such a monolithic process at Microsoft, to building out a secure development practice at Heroku that met the needs of developers who ship every day, while also holding us to the high bar our customers expect. I'll share the tools we've integrated into our process, the things we learned from responding to external vulnerability reports, and the ways we've built a culture where developers and security engineers have each others' backs.