2025-09-14, Ballroom 1
The cyber threat landscape is vast, deep and ever-changing. Short of retraining as cybersecurity professionals, how can we, as Python developers, do our part to help keep ourselves, our customers and our data safe? In this talk, we'll look at the current threat landscape, the ways developers commonly fall short, and just how simple it can be to drastically reduce the "oops factor" of our Python development lifecycle.
Expect extremely clear, practical and easily actionable advice on how everyday Python developers can improve the security posture of their projects today.
We'll step through common risk factors, looking at examples of high-profile failures including credential leakage, PyPI and supply chain security, and how SAST (static analysis security testing) can help identify common bugs - many of which have been on the OWASP Top 10 since the very beginning.
As we go, we'll build up our own Swiss cheese model of risks and explore Python tooling that we can add to our DevSecOps pipeline to improve our security posture.
The key takeaway is just how easily we can all score some easy wins with little effort.
Simon is a Senior SRE at Stronghold Pay with a background in software development with Python. Previously, Simon was a contributor to OpenStack, an open source cloud platform written in Python, which sparked his joy for Cloud and DevOps. Coming from a software development background, Simon approached his cloud journey like learning Python - through writing code to build and automate cloud infrastructure.