BSides Atlanta 2025

My Security Champions are doing too much (and other good problems to have!)
2025-11-15, Room 300

Have you ever wondered what it would really be like if your developers were also security experts? Would you be around to find out? I worked for a company that makes a SAST tool, and we had the unique arrangement where developers were responsible for SDL security practices, under the guise of calling it "dogfooding". I discovered that there were indeed several key areas that the security team was still needed for... but it wasn't the areas I expected. We created a Security Champions program and found that knowledge was the key to breaking down barriers between these silos. And I learned that trying to engineer myself out of a job was harder than it seemed! :D

Marisa Fagan is Head of Product at a “security champions as a service” startup called Katilyst. She works on building security into the SDLC and empowering developers to own secure code. Previously, she has worked as a security culture expert at places like Atlassian, Synopsys, Salesforce, Bugcrowd, and Facebook. Since 2024, she has been a contributor to the OWASP Security Champions Guide Project and Track Lead for the OWASP AppSecGlobal Conferences. She lives in San Francisco, CA, USA.