How to Get Started with DevSecOps


Publish Date

Oct 29, 2018

Written by

Andrei Bezdedeanu

IT/Dev Connections 2018 took place recently in Dallas, TX. The conference was packed with strong technical sessions focused on a range of topics—from AWS and Azure to Blockchain, PowerShell and DevOps—across multiple tracks: Data Platform, Developer Platform, Cloud and Security. I was asked to deliver a session on DevSecOps.

How to Get Started with DevSecOps

I presented a session during the Security track called “How to Get Started with DevSecOps.” If you do a search around this topic, you’ll see it’s very popular, indicating that DevSecOps and how to move forward is still a nascent concept in terms of understanding. In my session, I discussed how collaboration between development and security teams is key to DevSecOps transformation and that it involves both cultural and technological shifts. The challenges associated with adoption can be addressed by empowering developers with the appropriate security tools and processes, automation and orchestration. I also outlined how to enable this transformation—including the necessary detection, remediation and defect metrics—and the resulting benefits, including the delivery of more secure applications, lower cost of managing your security posture and full visibility into application and enterprise risks.

At the end of this session we had a pretty lively discussion. There was a lot of interest around the ways companies can embed security tools in a traditional CI/CD pipeline and the visibility they can get into the application vulnerabilities and risk. We also had some good conversation around the metrics and indicators that a proper DevSecOps strategy can provide for management and stakeholders.

Container, Serverless, GDPR Also Hot Topics

Other popular sessions and topics at the conference aligned pretty closely with trending discussions. Several sessions focused on various aspects of GDPR as everyone is still trying to sort out the specifics of this European regulation. The most common topics in the Cloud track were around Docker containers and serverless. In the Data Platform sessions we heard a lot of good information about SQL Server 2019, leveraging R to process unstructured data and business intelligence reporting platforms.

A high note of the conference was IT/Dev Connections’ second annual hackathon, focused on prototyping a data backup solution leveraging Alexa. Three teams battled it out for bragging rights. The solutions presented were excellent and, after much deliberation, the judges chose team “Umbrella Fellas”.

The networking opportunities at the conference were actually even more valuable than the technical sessions themselves. I had the opportunity to meet like-minded people from across the country who were trying to solve similar problems and I will surely keep in touch with many of them in the future.

Watch the Presentation

If you weren’t able to attend If you would like to have a deeper dive conversation about DevSecOps or the ZeroNorth platform, contact us and we’ll set something up.

