Shift Left, NOT S#!T LEFT – Larry Maccherone – ASW #182

If you attempt to shift security left without adaptation, it’ll feel a lot more like S#!T LEFT to the development teams but most security groups lack the mindset and skills to do it in a way that works well with modern development approaches and tools but directly focuses on gradual methodical practice and culture change.

Larry Maccherone led the Dev(Sec)Ops transformation program in the highly diverse environment at Comcast using Agile and Digital Transformation approaches. Teams that onboarded to the program had 1/7th as many vulnerabilities and incidents in production — a result so compelling that security leadership allowed it to scale to all 600 development teams. Along the way, Larry learned some critical lessons on how to provide a gradual onramp to empowering teams to be worthy of being trusted with the security of the products they were developing.
Visit for all the latest episodes!

Full Episode Show Notes

Shift Left, NOT S#!T LEFT


Larry Maccherone

Larry Maccherone – DevSecOps Transformation at Contrast Security


Looking at Larry Maccherone’s career, you might think he can’t figure out what he wants to be when he grows up – Serial entrepreneur? Agile transformation coach? Open-source developer? Data scientist? Dev[Sec]Ops thought leader?

However, the underlying theme is that Larry has constantly been striving to create the highest performing (productivity, quality, security, etc.) software engineering teams.

At Comcast, Larry built and scaled the DevSecOps Transformation program over five years, and he’s now looking to apply what he learned doing that to help all Contrast customers and prospects.

Larry hails from Raleigh, NC, where his wife and four daughters make sure there is never a dull moment.


John Kinsella

John Kinsella – Co-founder & CTO at Cysense


John Kinsella is the Chief Architect for Accurics

Mike Shema

Mike Shema – Security Partner at Square


Mike Shema is a Security Partner at Square.


  • Don’t miss any of your favorite Security Weekly content! Visit to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Join us February 16th to learn about validation techniques within applications. Then join us March 2nd to learn five things you can do to catch more bad guys! To register for these webcasts visit Don’t forget to check out our library of on-demand webcasts & technical trainings at