How to Get Started with DevSecOps; IT/Dev Connect Recap
IT/Dev Connections 2018 took place recently in Dallas, TX. The conference was packed with strong technical sessions focused on a range of topics—from AWS and Azure to Blockchain, PowerShell and DevOps—across multiple tracks: Data Platform, Developer Platform, Cloud and Security. I was asked to deliver a session on DevSecOps.
How to Get Started with DevSecOps
I presented a session during the Security track called “How to Get Started with DevSecOps.” If you do a search around this topic, you’ll see it’s very popular, indicating that DevSecOps and how to move forward is still a nascent concept in terms of understanding. In my session, I discussed how collaboration between development and security teams is key to DevSecOps transformation and that it involves both cultural and technological shifts. The challenges associated with adoption can be addressed by empowering developers with the appropriate security tools and processes, automation and orchestration. I also outlined how to enable this transformation—including the necessary detection, remediation and defect metrics—and the resulting benefits, including the delivery of more secure applications, lower cost of managing your security posture and full visibility into application and enterprise risks.
At the end of this session we had a pretty lively discussion. There was a lot of interest around the ways companies can embed security tools in a traditional CI/CD pipeline and the visibility they can get into the application vulnerabilities and risk. We also had some good conversation around the metrics and indicators that a proper DevSecOps strategy can provide for management and stakeholders.
Container, Serverless, GDPR Also Hot Topics
Other popular sessions and topics at the conference aligned pretty closely with trending discussions. Several sessions focused on various aspects GDPR as everyone is still trying to sort out the specifics of this European regulation. The most common topics in the Cloud track were around Docker containers and serverless. In the Data Platform sessions we heard a lot of good information about SQL Server 2019, leveraging R to process unstructured data and business intelligence reporting platforms.
A high note of the conference was IT/Dev Connection’s second annual hackathon focused on prototyping a data backup solution leveraging Alexa. Three teams battled out for bragging rights. The solutions presented were excellent and, after much deliberation the judges chose team “Umbrella Fellas”.
The networking opportunities at the conference were actually even more valuable than the technical sessions themselves. I had the opportunity to meet like-minded people from across the country who were trying to solve similar problems and I will surely keep in touch with many of them in the future.
Access My Slides
You can access the slides I presented here. If you would like to have a deeper dive conversation about DevSecOps or the CYBRIC Continuous Application Security Platform, shoot us an email at firstname.lastname@example.org and we’ll set something up.