
SnykWeek New York: In the cloud

October 10, 2022

Parties with Patch continued through September as we hosted SnykWeek: New York at the Public hotel on the Lower East Side. Our New York event kept up the theme of discussing all things developer security, this time with a focus on cloud security practices.

View from the 17th floor

Simon Maple on the future of security

The day began with Snyk Field CTO, Simon Maple, discussing the future of security. He pointed out that the world has never innovated as quickly as it does today, with companies across industries — from finance, to retail, to entertainment — adopting digital transformation and becoming “technology companies.” But security tools and practices aren’t keeping up with this accelerated innovation. What does this mean for the immediate future? Simon explained that security will become decentralized, moving fully into the software development process with developer-friendly tools and the expansion of DevSecOps practices. He also emphasized the importance of cloud adoption for security — as cloud takes over more of the elements we previously saw in a data center environment, security practices will be more tightly integrated within applications, containers, and open source libraries.

Josh Stella talks cloud security

And on the subject of cloud security: Josh Stella, Snyk VP and Chief Architect, took the stage to talk about the Snyk State of Cloud Security Report (and the survey that went into it). He pointed out that 80% of respondents reported a serious cloud security event in the last year. Only one in ten teams are addressing cloud misconfiguration problems within an hour of detection — while malicious actors can work within much less time. Therefore time and automation are critical to cloud security.

While Josh pointed out that “the cloud is, by far, potentially the safest computing environment that humans have created” — he emphasized potentially. You have to know how to use the cloud to take advantage of its benefits. There’s still room for teams to grow in terms of defining who’s responsible for cloud security. The survey showed that engineers believe their own teams are primarily responsible for cloud security, but only 19% of chief information security officers (CISOs) think engineering teams are handling that responsibility.

Josh also mentioned the major benefit of infrastructure as code (IaC) security. The survey showed an impressive 70% median reduction in cloud misconfiguration among teams using IaC security. Similar improvements in productivity and deployment speed were also reported.

Josh Stella talking through the complexities of cloud security.

You can read more about the data and principles Josh discussed in Snyk’s full report on the State of Cloud Security in 2022.

Snyk’s product roadmap, presented by Ravi Maria

Ravi Maria, our VP of Product and Partner Marketing, presented goals and features from Snyk’s upcoming product roadmap. Some highlights include:

  • new features in Snyk Code (including PR checks, now in Beta)

  • improved vulnerability insights for Snyk Open Source

  • support for Quay, Harbor, GitHub, GitLab, and more registries with Snyk Container

We’re also introducing a more personalized path for developers using Snyk Learn — a curriculum to be developed and followed on developers' terms. As Ravi said, “the best way to get developers to learn about security is to help them solve a problem they’re having, while they’re having it.”

Randall and Micah host “Hack with Patch”

SnykWeek’s developer sessions were hosted by Randall Degges, Sr. Director of Developer Relations and Community, and Micah Silverman, Director of Developer Relations. Randall started the afternoon by talking about how he became interested in security. He pointed out that working in security teaches him something new every day.

"People often speak about security in absolute terms, but that’s the wrong way to think about it. As developers, part of our responsibility is to understand that security events give us a chance to learn. And it’s fun to find security vulnerabilities and fix them. It feels empowering — and it’s fun to be the good guy and get recognition for your security expertise."

Randall Degges, Senior Director, Developer Relations & Community, Snyk

With this perspective around the process of finding and fixing vulnerabilities, our interactive developer challenge, “Hack with Patch,” got underway. Micah led the group through a live vulnerability-fixing session. It was great to see everyone in the room heads-down, discovering and eliminating vulnerabilities.

Randall helping out during “Hack with Patch”.

Cocktails in the cloud

We wrapped up the day with a social gathering on the 17th floor terrace at the Public hotel. This gave developers, CISOs, executives, and all other security-curious folks a chance to relax and talk shop. It was the perfect way to end an exciting, information-packed day.

Developer chat on the terrace.

We couldn’t have been more excited to host our first SnykWeek event in New York, and we’re grateful to everyone who attended. We’ll be hosting more SnykWeek events around the world, and we’d love to see you there. Coming up this week, SnykWeek San Francisco!
