Pete Chestna

As Director of Developer Engagement, Pete provides customers with practical advice on how to successfully roll out developer-centric application security programs. Relying on more than 10 years of direct AppSec experience as both a developer and development leader, Pete provides information on best practices amassed from working with Veracode’s 1,000+ customers. Pete joined Veracode in 2006 as a platform developer and was instrumental in delivering the first version of Veracode’s service to customers. Later, as Director of Platform Engineering, Pete managed the Agile teams responsible for delivering Veracode’s SaaS platform and built the first DevOps team.  Pete also...
Posts by Pete Chestna

Veracode’s Journey to DevOps: Waterfall and Push Nights

April 19, 2017  | Secure Development

When I started working at Veracode in 2006, we were developing software the way I had for over 15 years – we were using Waterfall. It would be six years before we moved away from Waterfall and took the Agile plunge, and even longer before we got to DevOps. Looking back, I wonder how much farther along we’d be today if we had adopted the Agile methodology, which at that time was... READ MORE

Give Developers Training That Actually Helps

April 7, 2017  | Managing AppSec | Secure Development

Do you have a security education program for your developers? I hope so. Although developers are certainly capable of writing quality, secure code, most were never trained in security. They just don't know what they don't know. When I was actively developing enterprise software, I would visit the bookstore to purchase books on the technologies that I was using. These books were hundreds... READ MORE

How Developers Can Go From Mercenaries to Masters of Their Domain

August 17, 2016  | Secure Development

If you’re a developer like me, you’ve probably had more than a few jobs over the years. In today’s business climate, developers are like 21st century mercenaries: pursued by company after company, enticed by hotter jobs, cooler projects and – of course – bigger salaries. Staying anywhere more than two years is unusual. It’s a sellers’ market if you’... READ MORE

Play in the sandbox

July 29, 2015  | Secure Development

This next post picks up where we left off in our previous discussion around automation within developers’ toolchains. Once developers have a methodology to perform security assessments and fix identified vulnerabilities within an integrated environment, the next question is how to assess new code against specific security and compliance policies. The sandbox is the way for individual... READ MORE

Automate Security Testing to Blend In

July 13, 2015  | Managing AppSec

In my last blog post I discussed developing a comprehensive security testing approach using multiple assessment techniques including binary static analysis, dynamic analysis, and manual penetration testing. Let’s take this approach to the next level by talking about automation and how to continue maximizing developers’ existing workflows and tools. Blending in with developers’... READ MORE

Use multiple techniques for security assessments

March 13, 2015

In my last blog post, I elaborated on how development teams can embed security into an actual agile sprint. My recommendations centered on keeping developers working efficiently within their toolchain in order for them to complete stories within the sprint. Now I want to talk to you about comprehensive security testing. Using multiple assessment techniques ensures better coverage and accuracy.... READ MORE

Find it Early, Fix it Early: PETETalks

December 15, 2014

In my recent blog post I discussed some of the fundamental tenets of the agile methodology of software development – one of which is keeping developers working efficiently within their tool chain.  Having held the role of Scrum Master myself, I’ve had the responsibility to ensure that members of my development team have the tools they need to finish their tasks at hand before... READ MORE

Secure Agile Development. Think like a Developer.

November 5, 2014

As you lead your organization in securing software development and delivery, you will come across several challenges – despite the recent growth and increased adoption of the agile methodology. Application vulnerabilities and coding issues are typically time-consuming to find, document, and fix with traditional testing tools. Short agile sprints don’t lend themselves to these long... READ MORE

Four Steps to Successfully Implementing Security into a Continuous Development Shop

July 23, 2014

So you live in a continuous deployment shop and you have been told to inject security into the process. Are you afraid? Don’t be. When the world moved from waterfall to agile, did everything go smoothly? Of course not – you experienced setbacks and hiccups, just like everyone else. But, eventually you worked through the setbacks and lived to tell the tale. As with any new initiative, it will... READ MORE

Secure Agile Q&A: Scale, Continuous Integration and Policies

June 16, 2014

Last week I took some time to answer viewer questions from my webinar, “Secure Agile Through Automated Toolchains: How Veracode R&D Does It”. This is my second post to respond to questions from the webinar so if you haven’t yet read the the first one check it out here. My first post focused on questions regarding integration with environments such as Microsoft Team Foundation Server, Maven... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu