Marisa Fagan
Marisa Fagan is Head of Product at a “security champions as a service” startup called Katilyst. She works on building security into the SDLC and empowering developers to own secure code. Previously, she has worked as a security culture expert at places like Atlassian, Synopsys, Salesforce, Bugcrowd, and Facebook. Since 2024, she has been a contributor to the OWASP Security Champions Guide Project and Track Lead for the OWASP AppSecGlobal Conferences. She lives in San Francisco, CA, USA.
Session
Have you ever wondered what it would really be like if your developers were also security experts? Would you be around to find out? I worked for a company that makes a SAST tool, and we had the unique arrangement where developers were responsible for SDL security practices, under the guise of calling it "dogfooding". I discovered that there were indeed several key areas that the security team was still needed for... but it wasn't the areas I expected. We created a Security Champions program and found that knowledge was the key to breaking down barriers between these silos. And I learned that trying to engineer myself out of a job was harder than it seemed! :D