Accelerating the ATO Process with DevSecOps

Government Agencies and Commercial Organizations are rapidly adopting devops and cloud services. The advent of readily available automation services are transforming the way we respond to security and systems events at scale. As developers accelerate the pace and frequency of code deployments, the security and compliance teams must constantly play catch-up. The use of DevSecOps methodologies and technologies can help integrate security and compliance functions into the Continuous Integration/Continuous Delivery (CI/CD) pipeline. The combination of DevSecOps when supplemented by management best practices can yield optimal results to help organizations detect and respond to incidents faster.

The talk will cover the following topics -

  1. Commonly observed security issues and gaps in DevOps pipelines
  2. Review of security and compliance best practices based on NIST, CIS, OWASP standards
  3. Understanding of emerging security threats from DevOps “code” and the supply chain
  4. Case-study describing an organizations journey to DevSecOps to include compliance and security as part of the pipeline
  5. Review of Authority-To-Operate (ATO) acceleration through automation (for Federal Agencies)

This talk will focus on practical examples to help create awareness of emerging practices and relevance of industry security standards such as NIST, OWASP, CIS and how they should be part of the DevOps pipeline.

Video

Speaker

gaurav-pal

Gaurav Pal

 

Gaurav “GP” Pal is CEO and founder of stackArmor. He is an award-winning Senior Business Leader with a successful track record of growing and managing a secure cloud solutions practice

...