Rootconf Pune edition

Rootconf Pune edition

On security, network engineering and distributed systems



Building a continuous secure delivery pipeline

Submitted Apr 13, 2019

In today’s fast paced software development world, we have seen teams facing difficulties keeping up with security requirements. Regular security breach in news highlights how a simple security miss can result into big financial and reputation loss.

To solve this problem, we tried to integrate security as an agile engineering practice, similar to pairing or TDD at ThoughtWorks.

In this talk we will speak about challenges teams face to include security as a practice. We will share some of the lessons learned, tools and techniques to help teams build a continuous delivery pipeline which has security at its core. We will also talk about how a continuously evolving threat model helps team to bake security in the product instead of bloating on in later.


  • Mindset required to have security at the core of delivery pipeline
  • Tools and techniques to be included in your development and delivery workflow to help build security in.
  • Continuous threat modeling
  • How having a continuously evolving threat-model can help mitigate security risks.



Speaker bio

Shirish Padalkar is currently working as a lead consultant in ThoughtWorks. He regularly reads and writes code in different languages including Java, Scala, JavaScript, etc. When not coding, he tries to find vulnerabilities in web applications, and preach about secure coding practices to developers. He regularly speaks at Agile, Developer, Security and Testing conferences or meet-ups.




{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}