I’ll be sharing industry learnings and observations from my work as a DevSecOps manager and IT security leader. We’ll define DevSecOps and dispel common misconceptions. We’ll look at the goals of DevSecOps and the platforms that enable them. Last, we’ll explore how to build a resilient program.
I’ll be sharing industry learnings, key takeaways from relevant literature, and observations from my work as a DevOps manager and IT security leader at a Fortune 10 company.
First, we will cover what DevSecOps is, and what it isn’t, dispelling some common misconceptions.
Next, we’ll go over some of the challenges, and discuss how to overcome them. These include technical limitations of some platforms (e.g. SAP); the cost and effort of dealing with legacy, pre-modern application architecture; and challenges such as lack of test data that tend to frustrate DevOps in general. In addition to the technical challenges, we’ll also look at common organizational obstacles. This will include exploring how the role of GRC teams should be transformed by a successful DevSecOps program.
Finally, we’ll examine the theme of resilience and how to build a flexible, learning program that will have lasting value.