Ulisses Albuquerque

Security Engineer, Latitude Financial Services

Ulisses Albuquerque is an experienced developer with a passion for application security done using tools and processes which do not slow down delivery.

A long-term developer and open source advocate turned security professional, he uses his experience to support development teams in building secure software via pre-approved and well-maintained patterns and libraries, and by providing security metrics and checks as part of regular developer workflows such as pull requests and CI/CD hooks. He believes in symbiotic, empathetic relationships between security and application developers as a way to uplift security posture while avoiding saying "no" as much as possible.

 

Talks on Wurreka:

This talk tells the story of the implementation of an application security program in an agile, polyglot, cloud-first organisation.

With fast-moving teams, multiple programming languages and frameworks to support, and an imperative to not slow down development, security engineering developed a distributed, serverless, event-oriented architecture which orchestrates best-of-breed security tooling and makes results available to developers via the same tools they use as part of regular development activities, such as configuration management pull requests and Slack messages.

We go through the integration patterns for static application security analysis, software composition analysis, container security scanning and cloud compliance scanning, discussing the challenges specific to each tool and how the security engineering team was able to overcome or compensate for them.

We also discuss the collaborative approach taken in embedding security work in the same environment used by the rest of the development teams, allowing security engineers to understand the painful aspects of their proposed solutions and get feedback from developers. We will talk about how some tools were chosen in partnership with the development teams and how that helped with frictionless adoption.

Finally, we go through how making security metrics readily available and visible helped enable risk ownership by the development teams, shifting from a "security approval" to a "security partnership" approach to secure software delivery. This is demonstrated by increased development team engagement (particularly in earlier stages of the software development lifecycle), a decrease in the number of security vulnerabilities and a much clearer perception of the technical risk and associated technical debt present in all software developed in the organisation.
