Pete Chestna

As Director of Developer Engagement, Pete provides customers with practical advice on how to successfully roll out developer-centric application security programs. Relying on more than 10 years of direct AppSec experience as both a developer and development leader, Pete provides information on best practices amassed from working with Veracode’s 1,000+ customers. Pete joined Veracode in 2006 as a platform developer and was instrumental in delivering the first version of Veracode’s service to customers. Later, as Director of Platform Engineering, Pete managed the Agile teams responsible for delivering Veracode’s SaaS platform and built the first DevOps team.  Pete also spearheaded...
Posts by Pete Chestna

Veracode’s Journey to DevOps: Getting Agile-ish

August 24, 2018

As I stated in my previous post, in 2012 we started a transition to Agile. Because Veracode was and is always constructively dissatisfied with our current state and we have a culture that embraces learning, we were eager to find a better way. Our internal champion, Tom Hickman, had done this before and he proved himself a great coach and mentor. I will forever be grateful for his guidance. There...

How to Hire and Build Developers Into Full Spectrum Engineers

May 31, 2017  | Secure Development

As you look at candidates for your DevOps teams, it’s critical to find developers who exhibit qualities of a full spectrum engineer – generalists who can do it all. You need people who will add velocity and not be dependent on others to complete their work. It’s likely that you will not find someone who has every skill you need, so look to find people with the potential to grow and learn at speed...

5 Things Developers Need to Thrive as a Full Spectrum Engineer

May 24, 2017  | Secure Development

The rise of DevOps has given rise to a new type of developer, what I call the full spectrum engineer (FSE). In my previous blog post in this series, I looked at the evolution of software development from requiring specialists to developers who can do it all. So what does it take to thrive in a DevOps environment and succeed as a full spectrum engineer? Here are five things you need to do to make...

Get Ready for the Full Spectrum Engineer

May 18, 2017  | Secure Development

I’ve been a software engineer for over 25 years. Over that time, there has been a pendulum in the industry that swings between demand for developers as specialists or generalists. As new architectures, development methodologies, and organizational structures emerge, development teams need specialists. As technologies and methodologies become assimilated, developers need to adapt and incorporate...

Veracode’s Journey to DevOps: Waterfall and Push Nights

April 19, 2017  | Secure Development

When I started working at Veracode in 2006, we were developing software the way I had for over 15 years – we were using Waterfall. It would be six years before we moved away from Waterfall and took the Agile plunge, and even longer before we got to DevOps. Looking back, I wonder how much farther along we’d be today if we had adopted the Agile methodology, which at that time was cutting edge....

Give Developers Training That Actually Helps

April 7, 2017  | Managing AppSec | Secure Development

Do you have a security education program for your developers? I hope so. Although developers are certainly capable of writing quality, secure code, most were never trained in security. They just don't know what they don't know. When I was actively developing enterprise software, I would visit the bookstore to purchase books on the technologies that I was using. These books were hundreds...

How Developers Can Go From Mercenaries to Masters of Their Domain

August 17, 2016  | Secure Development

If you’re a developer like me, you’ve probably had more than a few jobs over the years. In today’s business climate, developers are like 21st century mercenaries: pursued by company after company, enticed by hotter jobs, cooler projects and – of course – bigger salaries. Staying anywhere more than two years is unusual. It’s a sellers’ market if you’re a developer. The market conditions are...

Play in the sandbox

July 29, 2015  | Secure Development

This next post picks up where we left off in our previous discussion around automation within developers’ toolchains. Once developers have a methodology to perform security assessments and fix identified vulnerabilities within an integrated environment, the next question is how to assess new code against specific security and compliance policies. The sandbox is the way for individual...

Automate Security Testing to Blend In

July 13, 2015

In my last blog post I discussed developing a comprehensive security testing approach using multiple assessment techniques including binary static analysis, dynamic analysis, and manual penetration testing. Let’s take this approach to the next level by talking about automation and how to continue maximizing developers’ existing workflows and tools. Blending in with developers’ toolchains means...

Use multiple techniques for security assessments

March 13, 2015

In my last blog post, I elaborated on how development teams can embed security into an actual agile sprint. My recommendations centered on keeping developers working efficiently within their toolchain in order for them to complete stories within the sprint. Now I want to talk to you about comprehensive security testing. Using multiple assessment techniques ensures better coverage and accuracy....
