Pawel Krawczyk

Pawel has been working in information security for the last 15 years and has experience across a very broad range of specialties, from reverse engineering, network security and secure development in Python and Java to security architecture and incident response.
He has worked as a contractor for HSBC, Goldman Sachs, Aon and the public sector, designing application security strategies.

Talk: Effective secure development lifecycle in DevOps



Building security testing into a continuous delivery pipeline is a mixed experience: on the one hand there are plenty of open-source tools for dependency checking and source security scanning out there, but at the same time their quality varies, and in many cases commercial tools are the only alternative.

Based on my first-hand experience, I will untangle the complex world of DAST/SAST/IAST/RASP tools and explain how to choose them properly to match both your budget and your security objectives.