ZeroNorth CTO John Stephen will be speaking on “CISO Debrief on BSIMM DevOps Study” at the OWASP NYC Chapter Meetup on July 26, 2019.
Vendors and firms do a lot of DevOps ‘in name only’ because it gets them in the cool club. Those really changing their culture are fundamentally changing their risk management paradigm – from one of proactive governance through security assurance to one of continuous collection of security telemetry and resilient delivery pipelines. What does that mean in practice? Synthesizing a survey of 20 such luminary DevOps firms, organizations practicing what they preach in DevOps culture, this presentation provides a software security framework and the resulting conclusions. We will explore the tools and activities people have come to rely on, the changes in how security is staffed and aligned with development, and the remaining challenges that impede scale.