DevSecOps: Separating myth from reality
When you think about DevSecOps or DevOps, you probably think of tooling. A tool in every stage of secure SDLC, scanning on each commit. A few hundred to few thousand scans to gather all the issues for a project or maybe vulnerability management.
Yet DevSecOps has completely changed the way we think of security. New ways of scaling information security mean that traditional security mechanisms like pentesting are no longer holy grails to secure organizations.
More and more, organizations are working towards building security inside out rather than bolting it at the end, and security engineers are starting to see the benefits of this new type of security.
But as more companies begin to embrace DevSecOps, both organizations and security managers have discovered that DevSecOps has its own complexities. These days there's more folklore than the science behind DevSecOps in organizations, more myths than reality.Yet with the right attitude and a few simple ground rules, companies can benefit significantly from DevSecOps.
In this talk, you'll also learn:
- How organizations can bust DevSecOps myths and concentrate on reality.
- Why it's a good idea to think DevSecOps program from the organization's point of view.
- Why organizations need to streamline DevSecOps by concentrating on People, Process, and Technology.
Speaker : Mohammed A. Imran