DevOps Monthly Online: Security is an Awesome Product Feature

Agenda:
• 5:00 PM - Check in and hang out
• 5:05 PM - Lean Coffee Chat/Presentation
• 5:40 PM - Lean Coffee Chat/Q+A
• 5:55 PM - Wrap up, Next month
• 6:00 PM - Adios!

Security is more than just checklists of common vulnerabilities and addressing questions from the security team. Development teams must add security to their full lifecycle view of product development. From product planning through development and testing to the operation of a system security should permeate each phase of product development.

During planning product teams need to perform threat modeling to evaluate what risks are present and how to prioritize them. Risks can be broken down and addressed iteratively, just like other product features. Adding security tests to the product framework will help the team to ensure that the product remains robust as features are added. Adding monitoring for security events will help the product team gain deeper insights into emergent risks.

These are a few ways that teams can practically address security in their products. Building a bridge for collaboration with the security team is another way. When a team is unsure of how to evaluate a given security risk, or if a threat model is accurate, they can reach out to their security team and ask for assistance.

When was the last time you’ve heard of a development team reaching out to the security team with questions, rather than the other way around?

Join our Slack: ​​https://vzbl.io/devopstoslack
If you'd like to be a speaker: https://bit.ly/speakatdevopsto
If you'd like to sponsor a meetup: steveelsewhere [ at ] gmail.com