Pete Chestna

Pete Chestna

As Director of Developer Engagement, Pete provides customers with practical advice on how to successfully roll out developer-centric application security programs. Relying on more than 10 years of direct AppSec experience as both a developer and development leader, Pete provides information on best practices amassed from working with Veracode’s 1,000+ customers. Pete joined Veracode in 2006 as a platform developer and was instrumental in delivering the first version of Veracode’s service to customers. Later, as Director of Platform Engineering, Pete managed the Agile teams responsible for delivering Veracode’s SaaS platform and built the first DevOps team.  Pete also spearheaded…

Stay up to date on Application Security

Posts by Pete Chestna
  • 5 Things Developers Need to Thrive as a…
    | By Pete Chestna

    The rise of DevOps has given rise to a new type of developer, what I call the full spectrum engineer (FSE). In my previous blog post in this series, I looked at the evolution of software development from requiring specialists to developers who can do it all. So what does it take to thrive in a…

    Read Article
     
  • Get Ready for the Full Spectrum Engineer
    | By Pete Chestna

    I’ve been a software engineer for over 25 years. Over that time, there has been a pendulum in the industry that swings between demand for developers as specialists or generalists. As new architectures, development methodologies, and organizational structures emerge, development teams need…

    Read Article
     
  • Give Developers Training That Actually…
    | By Pete Chestna

    Do you have a security education program for your developers? I hope so. Although developers are certainly capable of writing quality, secure code, most were never trained in security. They just don't know what they don't know. When I was actively developing enterprise software, I would visit the…

    Read Article
     
  • Play in the sandbox
    | By Pete Chestna

    This next post picks up where we left off in our previous discussion around automation within developers’ toolchains. Once developers have a methodology to perform security assessments and fix identified vulnerabilities within an integrated environment, the next question is how to assess new code…

    Read Article