Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Strike back against legacy software vulnerabilities

Jay Kelath (Dow Jones)
3:50pm–4:30pm Tuesday, October 31, 2017

Who is this presentation for?

  • Security and engineering managers

Prerequisite knowledge

  • Experience rolling out a security program

What you'll learn

  • Learn how Dow Jones successfully integrated security into the Agile software development cycle and how you can do the same in your organization


Legacy applications are a security nightmare. One solution is to introduce Agile security methods into the development process.

Jay Kelath explains how the product security team at Dow Jones successfully integrated security into the Agile software development cycle while dealing with problems in legacy architectures—outlining a plan you can follow in your own security transformation. Jay discusses the major challenges faced in starting an Agile security program and why it’s important to address people, process, and technology solutions to get buy-in from all parties involved. Jay then takes you through the practical solutions that Dow Jones implemented and alternatives you may want to try in your environment.

Topics include:

  • The executive sales pitch
  • Automation and tooling
  • Training
  • Reporting for tech, business, and management
  • Well-defined processes
  • Suggested timelines for implementing this culture shift in your company
Photo of Jay Kelath

Jay Kelath

Dow Jones

Jay Kelath is director of product security at Dow Jones. Jay started his career in security setting up honeypots to profile attackers. The many interesting challenges in the field led him to become a penetration tester to help businesses expose their security weaknesses, first in network security and then in application security. He found his stride in helping develop and mature information security programs. Jay is passionate about building cross-functional teams between engineering and security and bringing security into every aspect of a company’s culture through a focus on automation, tooling, and processes.