Recently, I was a speaker and exhibitor at the DevOps Rex Paris conference. I would like first to thank the team, Infopro Digital, that made this conference, which had been stopped during recent years because of Covid. I remember being there in 2019 and some of their sessions were really insightful and inspiring.The Conference program was really diverse: release management, incident handling, testing, shift-left. It was both about DevOps and DevSecOps with interesting insights for everyone.
Before I give you my takeaways from the questions that were asked asked by those who came to the Symbiotic Security booth, for those who didn’t see us there: at Symbiotic Security, we secure your code by integrating an AI-driven security coach directly with developers’ IDEs, providing real-time remediation of vulnerabilities and just-in-time training for DevOps. This hybrid-intelligence approach not only prevents security issues but also educates developers on the security flaws they create, ensuring they don't repeat mistakes.
The real-time approach is something that really rang a bell for people coming to the booth. Having a security product in the CI will help to warn you of vulnerabilities a few hours after coding, but Copilot have moved us in the direction of having direct and real-time recommendations. Devs want this help in their flow of coding, not a tool that will make the build of their software fail a few hours after writing the code.
One question that came up a few times is about templates of code. Companies with large DevOps teams have been creating some templates of secure code and want us to integrate custom trainings in order to help their devs leverage those templates. Smaller organizations are looking for the same thing, but are waiting for us to create them. As a developer, it’s cool to have prebuilt architectures in Terraform modules that could be quickly reusable.
This approach is really powerful because it changes our perspective on what developers want. Old fashioned code security products say that they are really good for problem detection, newer products say that they are good for reducing the median time to remediate. We think that the right perspective is to prove that developers will ship their (secure) features faster. Reusing the secure templates will help developers gain back a lot more of their time.
We had the opportunity to have our booth just next to one of our design partners, Theodo. Beyond the fact that it’s cool to meet our design partner in real life, we had the opportunity to meet Fabrice Bernhard, cofounder & group CTO. Fabrice is the author of The Lean Tech Manifesto, a book which I recommend to everyone. Theodo is really mature in terms of lean culture and it was interesting to discuss some concepts; I remember Fabrice saying in the book that, “To be effective, training should be held as close as possible to the situation that made the training necessary in the first place - what scientists call ‘near transfer’.”* This is exactly the mindset of what we are building at Symbiotic Security.
As we look ahead, it’s clear that our collaboration with the DevOps and DevSecOps community will continue to drive innovation. By staying attuned to what developers need and integrating tools that truly support them, we can redefine what it means to secure code—making it faster, smarter, and more intuitive. Thank you again to the DevOps Rex Paris team and everyone who stopped by our booth for contributing to this exciting journey!
*The Lean Tech Manifesto, page 108. Original source from Harvard Business Review.
