Agile + DevOps West 2020 DevSecOps Summit Session - DevSecOps: Essential Pipeline Tooling to Enable Continuous Security | TechWell


Friday, June 12, 2020 - 2:00pm to 2:30pm

DevSecOps: Essential Pipeline Tooling to Enable Continuous Security


As we start pushing toward more frequent releases, we no longer have time for slow, manual, late-lifecycle security assessments to determine if our code is going to put us on the front page of the newspaper (for the wrong reasons). We need a way to know that our code is secure enough every day. What we need is continuous security. DevSecOps is about exactly that: shifting security assessment left and integrating it into our daily and sprint-ly cycles. It means finding touchpoints in our continuous integration/continuous delivery (CI/CD) pipeline where security tools can be run continuously against the software changes as they are made. It means using static code analysis, dynamic security testing, secure composition analysis of third-party components, and platform vulnerability scanning to look at all aspects of security every day. It means breaking builds and rejecting changes when developers introduce new security vulnerabilities. In this talk, I present my successes and challenges with integrating security into DevOps pipelines to provide continuous assessment of security posture. I focus on my latest experiences building delivery pipelines for a containerized microservice-based project where we integrated a broad set of open source and commercial tools to gather and present security data. This talk is perfect for people struggling with ways to integrate application security assessment into their Agile development process.

Rich Mills

Richard Mills has more than 25 years of experience in software engineering with a concentration on pragmatic software process and tools. Rich has a specific focus in Agile development methods and is passionate about DevOps, Continuous Integration, and Continuous Delivery. As the Solution Architect for DevOps at Coveros, Rich is dedicated to helping customers build software better, faster, and more securely by coaching and mentoring in Agile development methodologies, automating software delivery (builds, tests, and deployments) and integrating strong security measures into development practices. He has spent his career working in the areas of static and dynamic software analysis tools, configuration management, and automated software delivery. Rich currently works as a Sr. DevOps Architect with Coveros and has been with the company since 2010, spending most of his time engaged with customers. He is an alumnus of Bucknell University where he earned a BSEG in Computer Engineering.