What if cyber security reviews could be completed in a single day? What if compliance documents generated themselves automatically and instantly updated to reflect system changes? What if Dev and Sec communicated continuously when building new IT systems? What if guiding teams through building secure, compliant systems was like TurboTax(R) guiding you through taxes?
For years, agile and DevOps practitioners have been exploring how to align security and compliance with the high velocity of modern software development and delivery. Finally, some rough consensus and running code is beginning to emerge. This talk will introduce you to “Compliance as Code” with one of the leading innovators in the space as your guide. We’ll cover how to easily implement several critical security practices every agency needs. We’ll also discuss why compliance really isn’t security and how same-day security reviews are coming, demonstrate new tools, and provide tips on how your agency (and contractors) can get started. Plus, there will be Chuck Norris jokes.
Topics will include:
• Do-able, critical security practices every agency needs
• Compliance isn’t Security...and shouldn’t be Security’s responsibility
• Same-day security reviews and introduction to Compliance-as-Code
• OpenControl, OSCAL, Compliance Masonry, and GovReady Compliance Server
• Update on federal government compliance automation initiatives
• Chuck Norris jokes
Greg Elin is a leader in applying open technologies to improving government services and performance. In 2006, Elin created Sunlight Labs, the technology arm of the Sunlight Foundation, which is widely regarded as one of the original tent-pole organizations in the civic tech community. In 2010, he was appointed the Chief Data Officer at the Federal Communications Commission, one of the first CDOs in the Federal Government. During his tenure, the FCC launched its first APIs, a National Broadband Map, and an online database of public inspection files of television stations.
In 2014, Elin founded GovReady PBC, a public benefit corporation with a mission to reduce the cost of innovating digital services to citizens. In 2016, GovReady PBC received a substantial R&D contract from the Department of Homeland Security Science & Technology Directorate to lower the cost of cyber security compliance for innovators and small businesses. His company recently released open source tools to do for compliance what TurboTax(R) did for filing taxes.
Connect with Greg on Twitter (@gregelin), LinkedIn, GitHub (gregelin).
• 6:00 - 6:30 p.m.: Networking (cheese + wine/beer)
• 6:30 - 7:00 p.m.: Group intros
• 7:00 - 8:00 p.m.: Speaker + Discussion
• 8:00 - 9:00 p.m.: Networking
About Agile Government Sacramento
Agile Government Sacramento brings together civic innovators to learn, share, discuss and network around the most pressing technology issues facing government, including Agile software development, design thinking/usability, DevOps, open source, open data and security.
About Agile Government Leadership
Agile Government Leadership (https://www.agilegovleaders.org/) (AGL) is a community-powered network of agile government professionals. By bringing applied Agile practices to government, we want to redefine the culture of local, state and federal public sector service delivery across all aspects of government.