Modern development teams deliver features at a rapid pace using new technologies such as containers, microservices, and serverless functions. Operations and infrastructure teams support these rapid delivery cycles using Infrastructure as Code, Test Driven Infrastructure (TDI), and cloud automation. However, security teams are using traditional security approaches that don’t keep up with the rate of accelerated change. Security must be reinvented in a DevOps world by taking advantage of the opportunities provided by continuous integration and delivery pipelines.
This talk will introduce attendees to 5 key phases of DevOps: pre-commit, commit, acceptance, production, and operations. In each phase, we identify the key security controls and discuss several open source tools for implementing the controls. Attendees will walk away with a practical and modern approach for building a successful DevSecOps program.