AWS re:Invent 2025 - From Code to Cloud: Building AppSec Programs...

🦄 Making great presentations more accessible. This project aims to enhance multilingual accessibility and discoverability while maintaining the integrity of original content. Detailed transcriptions and keyframes preserve the nuances and technical insights that make each session compelling.

📖 AWS re:Invent 2025 - From Code to Cloud: Building AppSec Programs with AWS (SEC222)

In this video, Daniel Begimher and Patrick Gaw from AWS present a comprehensive framework for building Application Security programs. They outline four key phases: planning (stakeholder analysis and goal setting), preparation (code scanning and communicating expectations), execution (threat modeling using the Four Question Stack framework, leveraging Amazon Q Developer and Amazon Inspector for security scanning), and scale (empowering developers through the Guardians Program and reusable security artifacts). The session emphasizes the "easy button" principle—meeting developers where they are by integrating security tools directly into IDEs and workflows. Live demonstrations showcase Amazon Q Developer's agentic capabilities with customization documents for automated security scanning, and Amazon Inspector's integration with GitHub repositories. The core message centers on distributed ownership, shift-left security practices, and making security seamless rather than burdensome for development teams.

This article is entirely auto-generated while preserving the original presentation content as much as possible. Please note that there may be typos or inaccuracies.

Hello everyone. Thank you for joining us for this 4 p.m. Thursday session and welcome to SEC 222, From Code to Cloud: Building AppSec Programs with AWS. My name is Daniel Begimher. I'm a Senior Security Engineer in AWS. I've been here for over 5 years now and have been doing security for the past 13 years across different domains including incident response, application security, and recently security. Today I'm here with Patrick Gaw.

Hello everyone, Patrick Gaw. I'm a Principal Security Engineer on AWS's Global Services Security team, and I've been at AWS about 3.5 years. Prior to that, I was at a late-stage startup as a VP of Security, helped build up their greenfield security program, and then prior to that I was an AppSec engineer and I've built and run security engineering teams and architectures. It's a pleasure to meet you all today.

Cool. So this is a level 200 breakout session. We're going to have 60 minutes w

Source: Dev.to