Dos and Don'ts of DevSecOps

DevSecOps is a very loaded term that covers many topics. Despite what some will lead you to believe, DevSecOps is not just an integration of security testing tools. Nor is it merely a focus on achieving security quality attributes in CI and CD. DevSecOps goes beyond automating security testing, and there are common misconceptions and roadblocks on the way to establishing it successfully.

Learning Objectives:
1: Identify key principles of DevSecOps and see how it relates to DevOps principles.
2: Analyze common pitfalls and see where integration security takes part in DevSecOps.
3: Demonstrate how to do “Continuous Security” by using a lifecycle approach.

Speaker: Hasan Yasar

Hasan Yasar is the Technical Manager of the Secure Lifecycle Solutions group in the CERT Division of the Software Engineering Institute, CMU. Yasar leads an engineering group tasked with developing prototype solutions with DevSecOps. He specializes in secure software solutions design and development in the cybersecurity domain, including digital investigation, incident management and large-scale malware analysis. He is also Adjunct Faculty in CMU Heinz College and Institute of Software Research, where he currently teaches Software and Security and DevOps: Engineering for Deployment and Operations.

Detailed Presentation:

(Source: RSA Conference USA 2018)
 
 