Guidelines for proposal

Title options

Bio

Victor is a passionate Security engineer based in Berlin (Germany), currently securing products built on blockchain technologies. Some years ago he used to find flaws in software, but meanwhile he switched sides and realized that building secure software is way more challenging. He’s also an Agile evangelist and has a holistic approach to building modern, robust and secure IT infrastructure. In his free time he tries to expand his repertoire of statically-typed languages.

Abstract / Description

Building maintainable Security-related software can be difficult, especially when you don’t have a software engineering background. However, principles like SOLID and clean code can be applied to every business domain. In fact, it turns out Golang has amazing built-in features to set clear boundaries between your components. And due to its rich ecosystem, you don’t have to reinvent the wheel. You can already take full advantage of well-established Go libraries and patterns.

This talk is about my lessons learned while building services aimed at securing developers’ code. Learn how to build small tools but also complex software in a Security context. And most important: Learn how to build solutions that last for years and not for a short period of time.

Presentation outline

Additional Notes

In my past career I mainly used Python to build tools for different purposes. Some years ago I was given the task to build a static code analysis tool for the entire organization. I soon realized that writing (small) tools and building enterprise software are two completely different things. Breaking down complexity and making sure each part does its part well was challenging enough. To also build maintainable software at the same time seemed impossible to me.

And this is where I started to think about statically typed languages again, as they enforce some sort of contract between different components. To me Golang seemed to be the perfect choice to come up with a reasonable MVP and from there to add more features.

As a Security engineer and throughout my career I’ve specialized in application security. This domain was and still remains interesting enough as it deals with flaws and vulnerabilities in software products. On a daily basis I need to secure software in an Agile environment while keeping myself up-to-date with new technologies, products and libraries.

Based on what I’ve learned working under these circumstances, here are my tips for building Security products: