So Happy Together: Making DevSECOps a Reality

Presented at CircleCityCon 8.0 (2021) Virtual, Unknown date/time (Unknown duration).

It may be hard to believe, but it’s been over a decade since DevOps was introduced. It wasn’t long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent studies show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security.

To understand why we’re struggling, this session dives into the key issues that keep security shut out of the DevOps Pipeline. It will provide insights from recent research into the state of DevSecOps and Open Source Security and share evidence that indicates organizations are still failing to mature their processes and achieve the ideal shared responsibility culture.

From this analysis, tangible, practical actions will be identified that security practitioners can take to successfully engage security practices within the pipeline. We’ll move beyond traditional security gates and break-the-build approaches to show a process that motivates committed adoption. Steps that can be taken to create accountability between Development, Security, and Operations disciplines will be outlined. Ultimately, this session delivers a forward-looking viewpoint for what lies beyond DevSecOps, and how this culture can be extended to include the broader business.

Presenters:

• Alyssa Miller - BISO (Business Information Security Officer) at S&P Global Ratings
  Alyssa Miller, Business Information Security Officer (BISO) for S&P Global Ratings, directs the Ratings security strategy, connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust. A life-long hacker, Alyssa has a passion for technology and security. She bought her first computer herself at age 12 and quickly learned techniques for hacking modem communications and software. Her serendipitous career journey began as a software developer which enabled her to pivot into security roles. Beginning as a penetration tester, her last 15 years have seen her grow as a security leader with experience across a variety of organizations. She regularly advocates for improved security practices and shares her research with business leaders and industry audiences through her international public speaking engagements, online content, and as co-host of The Uncommon Journey podcast on ITSP Magazine.

Similar Presentations:

• DerbyCon 9.0 Finish Line (2019) / Are you ready to leverage DevSecOps? Get ready and use it for good.
• Global AppSec - DC 2019 / A DevSecOps Tale of Business, Engineering, and People Keynote
• BSidesDC 2019 / Are you ready to leverage DevSecOps? Get ready and use it for good.