Ericka Chickowski

CSO Online about how AI-assisted coding is going to change the complexion of secure code and appsec training for software engineering teams. The main premise is what does developer security awareness even mean in the era of vibe coding? As orgnaizations move to platform engineering for more automated security checks, how do organizations need to change the content and delivery of how they are training devs for appsec and product security. Some Qs I'd like to get answered by security training experts, security consultants, CISOs and the like: -What are the most fundamental ways AI-assisted coding is changing (or should change) the way developers approach and enforce the security and resilience of their code, their application environments, and their own tool pipelienes? -What are the most important security fundamentals that developers need to learn today as AI-assisted development and more automated dev toolchains permeate the typical eng organization? How does that compare to the secure code training needs of, say, five years ago? -How have the rapid changes in devleopment patterns in the last year changed the way organizations approach the content and and delivery of security-related training for software engineers? -What role does cyber range training and similar type hands-on training play as developer roles are changed in the AI-assisted software engineering era? -What role will the appsec and broader security team play in helping to create guardrails enforce security rules and reinforce training provided to developers in hyper-automated dev tool chains.