Black Hat 2024: How AI Fits into Today's DevSecOps Requirements

Josh Lemos, CISO for GitLab, joins Dark Reading's Terry Sweeney at News Desk during Black Hat USA to explain how using AI can help automate functions for developers overloaded with coding tasks.

11 Min View
Source: Dark Reading

AI is no stranger to the software development world, since code writers have used machine learning for years. So Josh Lemos, CISO at GitLab Inc., is an advocate for "shifting down" (instead of left), by which he means using AI to automate processes and procedures wherever developers can. "Software security is one of those areas that's very uniquely suited for large language model use," Lemos tells Terry Sweeney during his News Desk appearance during Black Hat USA. "Large language models are text based, language based, and we have source code that is basically language constructs." In fact, just about every part of the software development life cycle can benefit from AI, he adds.

"We're seeing a lot of benefit in software and software security, where a security practitioner or developer already knows what they want and AI really becomes an accelerant," Lemos explains. "With a higher velocity, the developer doesn't have to look at every step. They don't have to have the intimate knowledge or work with the application security team to say, 'How do I fix this?'" Security professionals are already seeing similar dynamics in vulnerability management, remediation cycles, and security operations, he adds.

And there's more to the technology buffet for developers and security professionals than just AI. Lemos has noticed more discussion and attention devoted to cyber resilience -- including how well security technologies are instrumented and if you have runbooks for when things go wrong. "You're going to find a lot of CISOs talking this year about their responsibility to their organizations and the technologies they manage already," Lemos says. "I don't see anything eclipsing AI just yet, but I don't have a crystal ball."

Josh Lemos is the Chief Information Security Officer at GitLab, where he brings 20 years of experience leading information security teams to his role. He is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected, fortifying the GitLab DevSecOps platform and ensuring the highest level of security for customers. He believes in technology's potential to transform the world and the need to secure it against emerging threats. Josh has led security teams at numerous high-growth technology companies including ServiceNow, Cylance, and most recently Block (formerly known as Square).

About the Author

Terry Sweeney, Contributing Editor

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, Network World, InformationWeek and Mobile Sports Report.

In addition to information security, Sweeney has written extensively about cloud computing, wireless technologies, storage networking, and analytics. After watching successive waves of technological advancement, he still prefers to chronicle the actual application of these breakthroughs by businesses and public sector organizations.


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights