The DevSecOps Sandwich: How to Ensure the 'Sec' Element Has Real Bite!

Logo
Presented by

Andrew Boyle, Director and Distinguished Cyber Technologist, Booz Allen Hamilton

About this talk

We've migrated from Waterfall to Agile to DevOps and now, DevSecOps. Now that security is equality represented with development and operations, is everything good? Not at all! Broadly speaking, the Sec element has not (yet!) been fully embraced and is not on par with Dev and Ops. In fact, in many cases the Sec element amounts to a check in the security box. Testing went through a similar struggle but emerged victorious with test-driven design and embedded testers. The inclusion of the Sec element in DevSecOps gives all cybersecurity practitioners an opportunity to elevate the impact and relevance to equal the Dev and Ops elements. We, as leaders in the cybersecurity industry, must understand how Sec engagement in DevSecOps works and what indicators predict failures. Learning objectives: 1. Describe the critical role that security plays during DevSecOps and understand the critical nature of security to successful DevSecOps environments. 2. Conduct assessments of past/current/future DevSecOps environments to ensure that the 'Sec' element is of equal influence and impact. 3. Quantify and prioritize the attributes of the 'Sec' element of DevSecOps that are applicable to their organization, and recognize the Sec-specific signals related to successful and unsuccessful DevSecOps environments.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (108)
Subscribers (15445)
(ISC)² Security Congress channel contains digital content of activities at (ISC)2's Flagship conference event. You'll find keynotes, sessions and related items.