OPEN TALK: Déjà Vu All Over Again: The Student Body Left Problem

Pete Chestna
Checkmarx, CISO

Pete Chestna serves as the CISO of North America at Checkmarx, where he provides customers and prospects with practical advice for building successful application security programs. Bringing more than 15 years of direct AppSec practitioner experience, Pete has held roles ranging from developer and development leader to his most recent position as the Global Head of AppSec for the Bank of Montreal.

Over the years, Pete has led organizational transformations from Waterfall to Agile to DevOps and from monolith to microservice architectures. He is certified as both a scrum master and product owner. Stemming from his experience as both an avid practitioner and consultant, Pete has spoken internationally at numerous prominent security and developer conferences including DevOpsDays, All Day DevOps, OWASP AppSec, and DevSecCon.

Pete has been granted 3 patents. He enjoys whiskey tourism, astronomy, model rocketry and listening to Rush in his spare time. 

Secure software development isn't always a top concern for the business unless you are in a highly regulated industry. Today, time to market is often more important than security, because continuous improvement and quick software releases increase the value of the product that you sell. To create and maintain a lead on the competition, you have to be really good at Agile and DevOps.

A potential scenario: the security team has called an emergency meeting. A new vulnerability has been publicly disclosed that impacts not only your software, but your company and your customers. Will the required remediation take hours or even weeks to complete? It depends on your preparedness.

To improve your readiness and reduce impact, we will look at tips and actions you can take now.

1. Learn more about the scope of the mess that was created by the Log4j CVE.

2. Why most companies struggled to address it quickly.

3. What steps you can take now to be ready for the next one.