This week I had the opportunity to give a SOURCE Boston Snap Talks on Shifting Left: Accelerating your Business Goals with DevSecOps.
I also attended several sessions—one that really caught my attention was “Using Behavioral Science to Secure Your Organization” by Masha Sedova of Elevate Security. Her premise was that, to encourage security behavior change in an organization you need three things: motivation, ability and triggers. These three things together can affect positive change in the culture and behavior. I believe this same thinking can be applied to creating the culture of DevSecOps and how the ZeroNorth™ platform can affect this change within an organization.
Most companies and organizations now have significant internal development capabilities. Many of them are adopting agile development methodologies, DevOps, but at the same time have siloed security testing tools across the Software Development Lifecycle (SDLC). Security is not well integrated and is too often is an afterthought. But organizations are starting to realize that employing DevSecOps and embedding security into the process is in fact an innovation accelerator, not a barrier.
Referring back to Masha’s triad, we could say that with DevSecOps:
- The motivation comes from the ability to deliver secure applications at DevOps velocity
- The ability is provided by the ZeroNorth platform, which orchestrates and automates your code and application scans and offers full visibility into vulnerabilities and risk across the entire application stack
- The trigger can be a data breach, a cyber incident or just the team missing their delivery commitments because of last-minute critical vulnerabilities discovered prior to the release deadline.
With the ZeroNorth platform, organizations can take a proactive approach that allows you to shift left and embed all of the security testing and tools into the DevOps pipeline and enable this collaborative culture of DevSecOps.
If you’d like to chat more with the team about the ZeroNorth security orchestration platform, make sure to contact us to set something up.