“Security is a core requirement of software development. No mature development organization today believes security can be layered on after the fact.” — Jacob West
I was able to catch up with Jacob West, CTO, Enterprise Security Products, HP, after one of his global jaunts last month. Jacob tells us about some very interesting security projects for HP, as well as his perspective on the current state of DevOps in the enterprise.
“There is no good way to differentiate a (software) user from an attacker. If that’s the case, software has to have security built in as a core requirement.” — Jacob West
Listen to the Interview: Jacob West – Automation and Application Security as Part of Development
Highlights of our Conversation
00:05 The security industry transition to DevOps
01:15 Identifying DevOps
03:00 The process and workflow assigned to DevOps
04:30 Automation and application security as part of development process
07:15 Intrusion prevention detection vs built-in security as part of development
09:23 Financial decisions related to creating secure software
11:11 What is HP working on
14:11 Static vs dynamic security analysis
15:20 His new role as Leader of Security Research at HP
About Jacob West
Jacob West is chief technology officer for Enterprise Security Products (ESP) at HP. In his role, West influences the security roadmap for the ESP portfolio and leads HP Security Research (HPSR), which drives innovation with research publications, threat briefings, and actionable security intelligence delivered through HP security products.
Prior to this role, West served as chief technology officer for Fortify products and leader of Fortify Software Security Research within HP ESP. West has spent more than a decade developing, delivering, and monetizing innovative security solutions, beginning with static analysis research at the University of California, Berkeley and as an early security researcher at Fortify prior to its acquisition by HP.
A world-recognized expert on software security, West co-authored the book “Secure Programming with Static Analysis” with colleague and Fortify founder Brian Chess in 2007. Today, the book remains the only comprehensive guide to how developers can use static analysis to avoid the most prevalent and dangerous vulnerabilities in code.
West co-authors the Building Security in Maturity Model and speaks frequently at customer and industry events, including RSA Conference, Black Hat, Defcon and OWASP. A graduate of the University of California, Berkeley, West holds dual degrees in Computer Science and French and resides in San Francisco, California.