• Home
  • Blog
  • DevSecOps
  • SOURCE Recap: Use Behavioral Science to Secure Your Organization—and Your Applications

SOURCE Recap: Use Behavioral Science to Secure Your Organization—and Your Applications


Publish Date

May 11, 2018

Written by

Andrei Bezdedeanu

Tagged with

  • Application Security
  • DevSecOps
  • Source Boston

This week I had the opportunity to give a SOURCE Boston Snap Talks on Shifting Left: Accelerating your Business Goals with DevSecOps.

I also attended several sessions—one that really caught my attention was “Using Behavioral Science to Secure Your Organization” by Masha Sedova of Elevate Security. Her premise was that, to encourage security behavior change in an organization you need three things: motivation, ability and triggers. These three things together can affect positive change in the culture and behavior. I believe this same thinking can be applied to creating the culture of DevSecOps and how the ZeroNorth™ platform can affect this change within an organization.

Most companies and organizations now have significant internal development capabilities. Many of them are adopting agile development methodologies, DevOps, but at the same time have siloed security testing tools across the Software Development Lifecycle (SDLC). Security is not well integrated and is too often is an afterthought. But organizations are starting to realize that employing DevSecOps and embedding security into the process is in fact an innovation accelerator, not a barrier.

Referring back to Masha’s triad, we could say that with DevSecOps:

  • The motivation comes from the ability to deliver secure applications at DevOps velocity
  • The ability is provided by the ZeroNorth platform, which orchestrates and automates your code and application scans and offers full visibility into vulnerabilities and risk across the entire application stack
  • The trigger can be a data breach, a cyber incident or just the team missing their delivery commitments because of last-minute critical vulnerabilities discovered prior to the release deadline.

With the ZeroNorth platform, organizations can take a proactive approach that allows you to shift left and embed all of the security testing and tools into the DevOps pipeline and enable this collaborative culture of DevSecOps.

If you’d like to chat more with the team about the ZeroNorth security orchestration platform, make sure to contact us to set something up.

eBooks & Research Reports

Research Report: The Journey to True DevSecOps

Many questions emerge as the topic of DevSecOps is volleyed about. First, confusion exists in terms of understanding what it actually means to get to true ...

Read Now


Application Security: Bridging the Gap Between DevOps and Security Teams

When AppSec and DevOps teams aren’t aligned on how to deliver secure software, fast, organizations are at risk. This video discusses how to tackle this challenge ...

Watch Now

Related Articles


When DevOps as a Service Meets Security

By Joanne Godfrey Jul 20, 2021

DevOps is one of the latest IT methodologies to be offered ‘as a Service’. With DevOps as a Service (DaaS), all tasks related to selecting, managing ...

Read More

Vulnerability Correlation

What is Application Vulnerability Correlation and Why Does it Matter?

By ZeroNorth May 28, 2021

As applications become more complex, and attack vectors grow more sophisticated, the critical importance of comprehensive software security testing emerges. These days, application testing has become ...

Read More

The ZeroNorth DevSecOps platform offers options for your DevSecOps journey—getting started with AppSec, finding enterprise visibility or fully integrating security into DevOps.