Putting the Sec in DevOps: getting started with DevSecOps

Forward-thinking IT leaders and practitioners around the globe argue that DevSecOps is more than just a cobbled-together term. Credible research by Snyk.io and Gartner reveals that enabling DevSecOps introduces many productivity gains and efficiencies in the modern "software engineering factory".

  • First, if developers take an observability-by-design approach, they can boost application performance and resulting user experience from the get-go.
  • Next, DevSecOps not only helps introduce security testing in CI/CD but also helps embrace a shared-responsibility mindset by spreading security-related responsibilities across developers, security architects, the CISO organisation, and site reliability engineers.
  • Inherently, software quality gates based on the DevSecOps methodology can help enterprises contain and minimise costly production incidents that erode customer confidence.

In a practical sense, DevSecOps introduces a triple optimisation mechanism:

  1. enablement of a dev optimisation stage,
  2. a host/app vulnerability scan gate for each change/release introduced via the CI/CD process, and
  3. a scientific release scoring mechanism in the form of a software quality-check gate that allows only performant releases to be deployed to production.

The fun doesn’t stop here: the security gate, driven by a continuous, automated, all-encompassing full-stack observability agent, helps detect situations like the Log4j vulnerability. This helps shift left from a reactive SecOps-only approach to early risk detection, mitigation, and management.

The talk aims to benefit developers, release train engineers, engineering management (VPs/CTOs/managers), SREs, testers, CISOs, platform engineers and other IT roles.

The key objective of the session is to showcase good practices surrounding DevSecOps and its step-by-step building blocks.

***

Nik Jain, Regional Director (Solution Engineering), ANZ at Dynatrace

Nik is a value engineer and business consultant at heart. Formally, he is Director of Solution Engineering for Dynatrace ANZ and currently heads up a team of Solution Consultants and Architects in the region. Nik has more than a decade of BizOps, Release Automation, SRE, and DevOps consulting experience for leading global software vendors in the space. In addition, Nik has featured as a speaker at world-leading conferences like re:Invent, KubeCon, DevOpsDaysTalk, Perform, Chaos Carnival and more.
