Making the Jump from DevOps to DevSecOps Effectively
Organizations are moving to Agile and DevOps to build and deploy software more rapidly. As they break down organizational silos to bring together testing, development, and operations, they often avoid or exclude security in their transformational efforts. Highly-regulated organizational leaders are often left wondering: Where does my traditional security organization fit into this new Agile/DevOps world? How do I know that my applications are becoming more secure, while still getting the advantages of rapid incremental, deployment? Alan will talk about his experiences with financial, health and government clients adopting DevSecOps practices to address these challenges. He’ll discuss what the essential characteristics that make up a strong DevSecOps pipeline and what practical changes you can adopt now. Then, he will describe how quality gates and security testing can be used to shift security left. Lastly, Alan will review common pitfalls he encountered along the way. Attendees will leave with an understanding of how to reduce software risk and increase visibility into the security of their applications by adopting DevSecOps practices.