Overview
Have you heard the term “DevSecOps” and wondered what is it? The definition of DevSecOps varies and can be elusive. If you listen to vendors they’ll tell you that it’s all about adding security testing into your software development processes.
The original idea behind DevSecOps is that it’s a group of people with backgrounds in development, security, and operations working collaboratively together to build and deploy better, more secure applications.
Unfortunately, that definition is often lost in translation and so if you ask ten people what it is, you’ll probably get ten different answers! I set out in 2022 to fix that so I created an open source project titled “The DevSecOps Playbook” as a list of specific steps that people from all three domains (dev, sec, and ops) can do together.
The Playbook is 60 tasks that DevSecOps teams can perform to materially affect their application environments.
This presentation will walk the audience through the high level concepts in the Playbook and show them how to prioritize the things the playbook suggests for their specific companies use. The idea is to create a simple framework of tasks that any company, of any size, can do to enable more secure software development engineering processes.
Learning outcomes
- What are the important concepts in DevSecOps?
- How can your organization use the DevSecOps Playbook to deliver software faster and more securely?
- What is a baseline that every company should strive for in terms of securing their software development practices?
Speaker
Mr. Paul McCarty
Founder and CEO, SecureStack