Jacob West - Automation and Application Security as Part of Development
by Trusted Software Alliance
published on 2013-07-11T14:56:28Z

"Security is a core requirement of software development. No mature development organization today believes security can be layered on after the fact." -- Jacob West

I was able to catch up with Jacob West, CTO, Enterprise Security Products, HP, after one of his global jaunts last month. Jacob tells us about some very interesting security projects for HP, as well as his perspective on the current state of DevOps in the enterprise.

"There is no good way to differentiate a (software) user from an attacker. If that's the case, software has to have security built in as a core requirement." -- Jacob West

Highlights of our Conversation

00:05 The security industry transition to DevOps
01:15 Identifying DevOps
03:00 The process and workflow assigned to DevOps
04:30 Automation and application security as part of development process
07:15 Intrusion prevention detection vs built in security as part of development
09:23 Financial decisions related to creating secure software
11:11 What is HP working on
14:11 Static vs dynamic security analysis
15:20 His new role as Leader of Security Research at HP

About Jacob West

Jacob West is chief technology officer for Enterprise Security Products (ESP) at HP. In his role, West influences the security roadmap for the ESP portfolio and leads HP Security Research (HPSR), which drives innovation with research publications, threat briefings, and actionable security intelligence delivered through HP security products. Prior to this role, West served as chief technology officer for Fortify products and leader of Fortify Software Security Research within HP ESP.
West has spent more than a decade developing, delivering, and monetizing innovative security solutions, beginning with static analysis research at the University of California, Berkeley and as an early security researcher at Fortify prior to its acquisition by HP. A world-recognized expert on software security, West co-authored the book “Secure Programming with Static Analysis” with colleague and Fortify founder Brian Chess in 2007. Today, the book remains the only comprehensive guide to how developers can use static analysis to avoid the most prevalent and dangerous vulnerabilities in code. West co-authors the Building Security in Maturity Model and speaks frequently at customer and industry events, including RSA Conference, Black Hat, Defcon and OWASP. A graduate of the University of California, Berkeley, West holds dual degrees in Computer Science and French and resides in San Francisco, California.