Spotlight on Shifting RIGHT and Security in a DevOps World


Publish Date: Oct 24, 2019


Tagged with

  • DevOps
  • BSIMM10
  • SANS

On November 4th and 5th, 2019, a two-day meeting of the minds will take place among information security experts in Denver, Colorado at the SANS DevOps & Security Summit. Here, leading experts from prominent organizations will delve into current issues around DevOps, cloud services and the security challenges traditional organizations are facing amid evolving velocity and threats.

ZeroNorth’s Chief Technology Officer, John Steven, will explore new thinking on approaches and tools for improving security across applications and infrastructure, including how to achieve meaningful change within a DevOps culture. According to John, taking time to understand this shifting risk management paradigm is “profoundly positive, as it affects the way security is delivered to an organization.” From proactive governance to security assurance to resilient delivery pipelines, businesses today must learn to “practice what they preach” in DevOps.

In addition to current popular tools and processes, Steven will also discuss changes to security staffing and how certain methodologies can align more effectively with development and scalability challenges.

As DevOps grows more agile and software development becomes less linear, “shifting right” has become critical: increasing oversight during deployment, monitoring processes more closely, analyzing log data and testing throughout production. Using data from a recent BSIMM study of 20 luminary organizations with strong DevOps practices, John will sketch out a software security framework with the power to revolutionize how traditional shops address and manage vulnerabilities through real-time telemetry of cloud configuration, container integrity and user/system behavior.

Beyond the standard OWASP Top 10 security risks, such as injection, broken authentication and sensitive data exposure, John will also offer a fresh perspective on other vulnerabilities such as account fraud, asset theft and platform abuse. Participants will leave the presentation with a deeper understanding of today’s security tools and how organizations can implement them with greater efficacy and success.

For more information on how to manage vulnerabilities through the software development lifecycle, please watch this webinar.

If you’d like to set up time for a conversation with John at the Summit, please contact us.
